logd.te revision 5c6a227ebb216e874a749f424bf5b87528115ed7
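# android user-space log manager (logd).
#
# logd is the central log buffer daemon: every process hands its log records
# to it and readers pull them back out.  That role is why it needs a handful
# of broad grants below; each one is annotated with what it is for and, where
# it matters, how far it actually reaches.
#
# mlstrustedsubject exempts logd from the MLS constraints, so it can serve
# clients at any MLS level rather than only at its own.
type logd, domain, mlstrustedsubject;
type logd_exec, exec_type, file_type;

# Read access to pseudo filesystems.
r_dir_file(logd, cgroup)
r_dir_file(logd, proc)
r_dir_file(logd, proc_meminfo)
r_dir_file(logd, proc_net)

# Capabilities.
#  setuid/setgid/setpcap: presumably used once at startup to drop from root to
#    the logd uid/gid and shed the remaining capabilities -- confirm against
#    the logd startup code.
#  sys_nice: adjust the scheduling priority of its own threads.
#  audit_control: needed together with the netlink_audit_socket rule below so
#    logd can receive kernel audit records (SELinux AVC denials) and log them.
allow logd self:capability { setuid setgid setpcap sys_nice audit_control };
allow logd self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };

# Kernel log (syslog / klogctl) access.
#  capability2 syslog + system syslog_read: read the kernel ring buffer.
#  system syslog_mod: the kernel maps every syslog action other than
#    READ_ALL / SIZE_BUFFER and the CONSOLE_* actions onto this permission, so
#    it also covers CLEAR -- i.e. logd is permitted to wipe the kernel ring
#    buffer.  Worth confirming which klogctl action logd actually relies on.
allow logd self:capability2 syslog;
allow logd kernel:system syslog_read;
allow logd kernel:system syslog_mod;

# Write-only access to /dev/kmsg (w_file_perms carries no read).
allow logd kmsg_device:chr_file w_file_perms;

# Read files and symlinks carrying the generic /data label.  This is broad:
# system_data_file is the catch-all type for otherwise unlabeled /data
# content.  Writing it is forbidden by a neverallow at the bottom of this file.
allow logd system_data_file:{ file lnk_file } r_file_perms;

# Read pstore (persistent store, e.g. last-boot kernel console contents).
allow logd pstorefs:dir search;
allow logd pstorefs:file r_file_perms;

userdebug_or_eng(`
  # Access to /data/misc/logd/event-log-tags.  Read-write access to the
  # persisted tag file exists on userdebug and eng builds only.
  allow logd misc_logd_file:dir r_dir_perms;
  allow logd misc_logd_file:file rw_file_perms;
')
# The runtime event-log-tags file lives on a tmpfs (see the associate rule
# below).  logd is one of only two domains allowed to write it -- enforced by
# the neverallow at the bottom of this file.
allow logd runtime_event_log_tags_file:file rw_file_perms;

# Access device logging gating property
get_prop(logd, device_logging_prop)

# Read /proc/<pid>/ of every process.  Process directories under /proc are
# labeled with the domain of the owning process, so domain here means *all*
# processes; presumably used to attribute log entries (comm / cmdline).
# Anything world-readable under /proc/<pid> of any domain is therefore
# readable by logd.
r_dir_file(logd, domain)

# Access to the logd sockets and the runtime tag file through the same
# macros that client domains use (macro bodies live in te_macros, not here).
control_logd(logd)
read_runtime_log_tags(logd)

# The runtime tag file is created on a tmpfs-backed filesystem.
allow runtime_event_log_tags_file tmpfs:filesystem associate;
# Typically harmlessly blindly trying to access via liblog
# event tag mapping while in the untrusted_app domain.
# Access for that domain is controlled and gated via the
# event log tag service (albeit at a performance penalty,
# expected to be locally cached).
# NOTE: this silences the denial for *every* domain, not just untrusted_app,
# so a genuinely misconfigured reader of this file will not show up in the
# audit log.
dontaudit domain runtime_event_log_tags_file:file { open read };

###
### Neverallow rules
###
### logd should NEVER do any of this
###

# Block device access.
neverallow logd dev_type:blk_file { read write };

# ptrace any other process (domain covers every process, not just apps).
neverallow logd domain:process ptrace;

# ... and nobody may ptrace me.  The sole exception is crash_dump, and only
# on userdebug or eng builds; on user builds no domain at all may ptrace logd.
neverallow { domain userdebug_or_eng(`-crash_dump') } logd:process ptrace;

# Write to /system.
neverallow logd system_file:dir_file_class_set write;

# Write to files in /data/data or system files on /data.
neverallow logd { app_data_file system_data_file }:dir_file_class_set write;

# Only init is allowed to enter the logd domain via exec(); no domain may
# dyntransition into it.
neverallow { domain -init } logd:process transition;
neverallow * logd:process dyntransition;

# Protect the event-log-tags file: only init and logd may hold any
# write-class permission on it.
neverallow {
  domain
  -init
  -logd
} runtime_event_log_tags_file:file no_w_file_perms;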