Give heapprofd dac_read_search on userdebug.

This is needed because some oat dex files are generated without world readable permissions. See the bug for details. We are still constrained by the SELinux rules above. Bug: 129048073 Change-Id: I84e34f83ceb299ff16b29a78f16c620fc0aa5d68
2019-03-21 13:07:05 +00:00 · 2019-03-21 13:07:05 +00:00 · e922aa38bf
commit e922aa38bf
parent 75e7d2886c
2 changed files with 11 additions and 0 deletions
--- a/private/domain.te
+++ b/private/domain.te
@ -279,6 +279,7 @@ neverallow ~dac_override_allowed self:global_capability_class_set dac_override;
 neverallow ~{
  dac_override_allowed
  traced_probes
+  userdebug_or_eng(`heapprofd')
 } self:global_capability_class_set dac_read_search;

 # Limit what domains can mount filesystems or change their mount flags.
--- a/private/heapprofd.te
+++ b/private/heapprofd.te
@ -46,8 +46,18 @@ userdebug_or_eng(`
  r_dir_file(heapprofd, apk_data_file)
  r_dir_file(heapprofd, dalvikcache_data_file)
  r_dir_file(heapprofd, vendor_file_type)
+  # Some dex files are not world-readable.
+  # We are still constrained by the SELinux rules above.
+  allow heapprofd self:global_capability_class_set dac_read_search;
 ')

+# This is going to happen on user but is benign because central heapprofd
+# does not actually need these permission.
+# If the dac_read_search capability check is rejected, the kernel then tries
+# to perform a dac_override capability check, so we need to dontaudit that
+# as well.
+dontaudit heapprofd self:global_capability_class_set { dac_read_search dac_override };
+
 never_profile_heap(`{
  bpfloader
  init