Add sepolicy for simpleperf_app_runner.

Bug: 118835348 Test: build and boot pixel 3. Test: run simpleperf_app_runner manually. Change-Id: Ifb6c2ab78e075684bc197d06f761becced8281d1
2019-01-10 15:34:08 -08:00 · 2019-01-10 15:34:08 -08:00 · e5fc21c787
commit e5fc21c787
parent b1f34ddaf7
7 changed files with 47 additions and 2 deletions
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@ -144,6 +144,8 @@
    secure_element_tmpfs
    secure_element_service
    server_configurable_flags_data_file
+    simpleperf_app_runner
+    simpleperf_app_runner_exec
    slice_service
    staging_data_file
    stats
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@ -131,6 +131,8 @@
    secure_element_service
    secure_element_tmpfs
    server_configurable_flags_data_file
+    simpleperf_app_runner
+    simpleperf_app_runner_exec
    slice_service
    stats
    stats_data_file
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@ -86,6 +86,8 @@
    runtime_service
    sensor_privacy_service
    server_configurable_flags_data_file
+    simpleperf_app_runner
+    simpleperf_app_runner_exec
    super_block_device
    system_event_log_tags_file
    system_lmk_prop
--- a/private/file_contexts
+++ b/private/file_contexts
@ -314,6 +314,7 @@
 /system/bin/watchdogd            u:object_r:watchdogd_exec:s0
 /system/bin/apexd                u:object_r:apexd_exec:s0
 /system/bin/gsid                 u:object_r:gsid_exec:s0
+/system/bin/simpleperf_app_runner    u:object_r:simpleperf_app_runner_exec:s0

 #############################
 # Vendor files
--- a/private/simpleperf_app_runner.te
+++ b/private/simpleperf_app_runner.te
@ -0,0 +1,3 @@
+typeattribute simpleperf_app_runner coredomain;
+
+domain_auto_trans(shell, simpleperf_app_runner_exec, simpleperf_app_runner)
--- a/public/domain.te
+++ b/public/domain.te
@ -1205,8 +1205,9 @@ neverallow {
  -zygote
 } shell:process { transition dyntransition };

-# Only domains spawned from zygote and runas may have the appdomain attribute.
-neverallow { domain -runas -app_zygote -webview_zygote -zygote } {
+# Only domains spawned from zygote, runas and simpleperf_app_runner may have the appdomain
+# attribute.
+neverallow { domain -simpleperf_app_runner -runas -app_zygote -webview_zygote -zygote } {
  appdomain -shell userdebug_or_eng(`-su')
 }:process { transition dyntransition };

--- a/public/simpleperf_app_runner.te
+++ b/public/simpleperf_app_runner.te
@ -0,0 +1,34 @@
+type simpleperf_app_runner, domain, mlstrustedsubject;
+type simpleperf_app_runner_exec, system_file_type, exec_type, file_type;
+
+# run simpleperf_app_runner in adb shell.
+allow simpleperf_app_runner adbd:fd use;
+allow simpleperf_app_runner shell:fd use;
+allow simpleperf_app_runner devpts:chr_file { read write ioctl };
+
+# simpleperf_app_runner reads package information.
+allow simpleperf_app_runner system_data_file:file r_file_perms;
+allow simpleperf_app_runner system_data_file:lnk_file getattr;
+
+# The app's data dir may be accessed through a symlink.
+allow simpleperf_app_runner system_data_file:lnk_file read;
+
+# simpleperf_app_runner switches to the app UID/GID.
+allow simpleperf_app_runner self:global_capability_class_set { setuid setgid };
+
+# simpleperf_app_runner switches to the app security context.
+selinux_check_context(simpleperf_app_runner) # validate context
+allow simpleperf_app_runner self:process setcurrent;
+allow simpleperf_app_runner untrusted_app_all:process dyntransition; # setcon
+
+# simpleperf_app_runner/libselinux needs access to seapp_contexts_file to
+# determine which domain to transition to.
+allow simpleperf_app_runner seapp_contexts_file:file r_file_perms;
+
+###
+### neverallow rules
+###
+
+# simpleperf_app_runner cannot have capabilities other than CAP_SETUID and CAP_SETGID
+neverallow simpleperf_app_runner self:global_capability_class_set ~{ setuid setgid };
+neverallow simpleperf_app_runner self:global_capability2_class_set *;