From ffa2b61330c93bac780cde9eb5bc72ae60cd910b Mon Sep 17 00:00:00 2001
From: Yabin Cui <yabinc@google.com>
Date: Fri, 2 Nov 2018 14:34:06 -0700
Subject: [PATCH] Add runas_app domain to allow running app data file via run-as.

Calling execve() on files in an app's home directory isn't allowed for targetApi >=29. But this is needed by simpleperf to profile a debuggable app via run-as. So workaround it by adding runas_app domain, which allows running app data file. And add a rule in seapp_contexts to use runas_app domain for setcontext requests from run-as.
Bug: 118737210
Test: boot marlin and run CtsSimpleperfTestCases.
Change-Id: I5c3b54c95337d6d8192861757b858708174ebfd5
---
 private/app_neverallows.te | 1 +
 private/runas_app.te | 11 +++++++++++
 private/seapp_contexts | 4 ++++
 tools/check_seapp.c | 1 +
 4 files changed, 17 insertions(+)
 create mode 100644 private/runas_app.te
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index b8889f74e..ab080c290 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -48,6 +48,7 @@ neverallow {
 all_untrusted_apps
 -untrusted_app_25
 -untrusted_app_27
+ -runas_app
 } { app_data_file privapp_data_file }:file execute_no_trans;
 
 # Do not allow untrusted apps to be assigned mlstrustedsubject.
diff --git a/private/runas_app.te b/private/runas_app.te
new file mode 100644
index 000000000..b976b9187
--- /dev/null
+++ b/private/runas_app.te
@@ -0,0 +1,11 @@
+type runas_app, domain;
+typeattribute runas_app coredomain;
+
+app_domain(runas_app)
+untrusted_app_domain(runas_app)
+net_domain(runas_app)
+bluetooth_domain(runas_app)
+
+# The ability to call exec() on files in the apps home directories
+# when using run-as on a debuggable app. Needed by simpleperf.
+allow runas_app app_data_file:file execute_no_trans;
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 821ef0c2b..55391ea36 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
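Review bot: The `-runas_app` exclusion punches a hole in the neverallow that otherwise guarantees no untrusted app domain can exec from app_data_file or privapp_data_file, and the hunk gives no hint of why this domain is exempt. Because runas_app is itself declared with untrusted_app_domain() in this same commit, the only thing separating it from an ordinary app is the seapp_contexts selector that assigns the domain, so the exemption deserves an inline justification next to it, e.g. `-runas_app  # run-as processes for a debuggable app; see private/runas_app.te`. The neverallow statement begins before this hunk.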
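Review bot: The comment above `allow runas_app app_data_file:file execute_no_trans;` says the rule applies "when using run-as on a debuggable app", but nothing in this policy checks debuggability; the domain is reached solely through the fromRunAs=true selector, so the debuggable-only property presumably rests on run-as refusing non-debuggable packages before it requests this context. That dependency should be written down so a later change to run-as or to the selector does not silently widen the exec permission, e.g. `# Debuggability is not enforced by policy: this relies on run-as only honouring debuggable packages.` The new domain also inherits untrusted_app_domain, net_domain and bluetooth_domain; if the intent is to run the app's own code under a profiler that is expected, but a one-line comment on why the full untrusted-app surface is needed would help reviewers.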
@@ -9,6 +9,7 @@
 # path (string)
 # isPrivApp (boolean)
 # minTargetSdkVersion (unsigned integer)
+# fromRunAs (boolean)
 # isSystemServer=true can only be used once.
 # An unspecified isSystemServer defaults to false.
 # isEphemeralApp=true will match apps marked by PackageManager as Ephemeral
@@ -25,6 +26,7 @@
 # minTargetSdkVersion will match applications with a targetSdkVersion
 # greater than or equal to the specified value. If unspecified,
 # it has a default value of 0.
+# fromRunAs=true means the setcontext request is from run-as. Default is false.
 # All specified input selectors in an entry must match (i.e. logical AND).
 # Matching is case-insensitive.
 #
@@ -43,6 +45,7 @@
 # (11) Specified isPrivApp= before unspecified isPrivApp= boolean.
 # (12) Higher value of minTargetSdkVersion= before lower value of minTargetSdkVersion=
 # integer. Note that minTargetSdkVersion= defaults to 0 if unspecified.
+# (13) fromRunAs=true before fromRunAs=false.
 #
 # Outputs:
 # domain (string)
@@ -118,3 +121,4 @@ user=_app minTargetSdkVersion=29 domain=untrusted_app type=app_data_file levelFr
 user=_app minTargetSdkVersion=28 domain=untrusted_app_27 type=app_data_file levelFrom=all
 user=_app minTargetSdkVersion=26 domain=untrusted_app_27 type=app_data_file levelFrom=user
 user=_app domain=untrusted_app_25 type=app_data_file levelFrom=user
+user=_app fromRunAs=true domain=runas_app levelFrom=all
diff --git a/tools/check_seapp.c b/tools/check_seapp.c
index c23c1f6c6..1022cbd48 100644
--- a/tools/check_seapp.c
+++ b/tools/check_seapp.c
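Review bot: The new `user=_app fromRunAs=true domain=runas_app levelFrom=all` entry in the last hunk omits `type=`, unlike every neighbouring `user=_app` entry, which sets type=app_data_file; if this selector is only ever consulted for setcontext (domain) lookups that is harmless, but a type lookup that matched it would leave the output type unspecified, so either add `type=app_data_file` for consistency or state in the header that fromRunAs entries are domain-only. The description added in the second hunk, `fromRunAs=true means the setcontext request is from run-as`, also does not say who is trusted to set the flag; since this selector is the sole gate into runas_app and its exec permission, the header should record that the flag is expected to be supplied only by the run-as binary and never derived from app-controlled input — confirm against the caller that sets it.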
@@ -212,6 +212,7 @@ key_map rules[] = {
 { .name = "path", .dir = dir_in, },
 { .name = "isPrivApp", .dir = dir_in, .fn_validate = validate_bool },
 { .name = "minTargetSdkVersion", .dir = dir_in, .fn_validate = validate_uint },
+ { .name = "fromRunAs", .dir = dir_in, .fn_validate = validate_bool },
 /*Outputs*/
 { .name = "domain", .dir = dir_out, .fn_validate = validate_selinux_type },
 { .name = "type", .dir = dir_out, .fn_validate = validate_selinux_type },
-- 
GitLab