SEPolicy changes to allow kcov access in userdebug.
This includes the SELinux policy changes to allow for kcov access in userdebug builds for coverage-guided kernel fuzzing. Bug: 117990869 Test: Ran syzkaller with Android untrusted_app sandbox with coverage. Change-Id: I1fcaad447c7cdc2a3360383b5dcd76e8a0f93f09
This commit is contained in:
parent
9cded32f6a
commit
55d9096652
@ -19,7 +19,8 @@ neverallow all_untrusted_apps domain:netlink_socket *;
|
||||
|
||||
# Too much leaky information in debugfs. It's a security
|
||||
# best practice to ensure these files aren't readable.
|
||||
neverallow all_untrusted_apps debugfs_type:file read;
|
||||
neverallow all_untrusted_apps { debugfs_type -debugfs_kcov }:file read;
|
||||
neverallow {all_untrusted_apps userdebug_or_eng(`-domain')} debugfs_type:file read;
|
||||
|
||||
# Do not allow untrusted apps to register services.
|
||||
# Only trusted components of Android should be registering
|
||||
|
@ -9,3 +9,7 @@ type wm_trace_data_file, file_type, data_file_type, core_data_file_type;
|
||||
|
||||
# /data/misc/perfetto-traces for perfetto traces
|
||||
type perfetto_traces_data_file, file_type, data_file_type, core_data_file_type;
|
||||
|
||||
# /sys/kernel/debug/kcov for coverage guided kernel fuzzing in userdebug builds.
|
||||
type debugfs_kcov, fs_type, debugfs_type;
|
||||
|
||||
|
@ -252,6 +252,9 @@ genfscon debugfs /tracing/events/lowmemorykiller/
|
||||
genfscon debugfs /tracing/events/sync/ u:object_r:debugfs_tracing:s0
|
||||
genfscon debugfs /tracing/events/fence/ u:object_r:debugfs_tracing:s0
|
||||
|
||||
genfscon debugfs /kcov u:object_r:debugfs_kcov:s0
|
||||
|
||||
|
||||
genfscon inotifyfs / u:object_r:inotify:s0
|
||||
genfscon vfat / u:object_r:vfat:s0
|
||||
genfscon exfat / u:object_r:exfat:s0
|
||||
|
@ -140,3 +140,10 @@ create_pty(untrusted_app_all)
|
||||
# the ACTION_USER_UNLOCKED intent is delivered. Suppress this
|
||||
# denial to prevent third party apps from spamming the logs.
|
||||
dontaudit untrusted_app_all system_data_file:dir write;
|
||||
|
||||
# Allow access to kcov via its ioctl interface for coverage
|
||||
# guided kernel fuzzing.
|
||||
userdebug_or_eng(`
|
||||
allow untrusted_app_all debugfs_kcov:file rw_file_perms;
|
||||
allowxperm untrusted_app_all debugfs_kcov:file ioctl { KCOV_INIT_TRACE KCOV_ENABLE KCOV_DISABLE };
|
||||
')
|
||||
|
@ -1169,6 +1169,9 @@ define(`JSIOCGVERSION', `0x80046a01')
|
||||
define(`JSIOCSAXMAP', `0x40406a31')
|
||||
define(`JSIOCSBTNMAP', `0x44006a33')
|
||||
define(`JSIOCSCORR', `0x40246a21')
|
||||
define(`KCOV_DISABLE', `0x00006365')
|
||||
define(`KCOV_ENABLE', `0x00006364')
|
||||
define(`KCOV_INIT_TRACE', `0x80086301')
|
||||
define(`KDADDIO', `0x00004b34')
|
||||
define(`KDDELIO', `0x00004b35')
|
||||
define(`KDDISABIO', `0x00004b37')
|
||||
|
Loading…
Reference in New Issue
Block a user