# android user-space log manager
#
# Domain policy for logd: the process domain is `logd`, entered only from
# init via its labelled executable `logd_exec` (see the neverallow rules
# at the bottom of this file). `mlstrustedsubject` exempts logd from MLS
# constraints, which is what lets it receive and read logs across levels.
type logd, domain, mlstrustedsubject;
type logd_exec, exec_type, file_type;

# Read access to pseudo filesystems.
r_dir_file(logd, cgroup)
r_dir_file(logd, proc)
r_dir_file(logd, proc_meminfo)
r_dir_file(logd, proc_net)

# Capabilities on the logd process itself.
# NOTE(review): setuid/setgid/setpcap presumably support dropping root after
# startup; audit_control pairs with the netlink_audit_socket rule below so logd
# can register for audit (SELinux denial) messages — confirm against logd's
# startup code before widening or trimming this set.
allow logd self:capability { setuid setgid setpcap sys_nice audit_control };
# CAP_SYSLOG plus kernel:system syslog_read (here) and syslog_mod (below)
# govern logd's access to the kernel log buffer.
allow logd self:capability2 syslog;
# create_socket_perms_no_ioctl deliberately omits ioctl on the audit socket;
# nlmsg_write is what allows logd to send (not just receive) audit netlink
# messages, presumably to register itself as the audit listener.
allow logd self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };
allow logd kernel:system syslog_read;
# Write-only access to the kmsg device; no read permission is granted here.
allow logd kmsg_device:chr_file w_file_perms;
# Read-only: the neverallow further down forbids any write to system_data_file.
allow logd system_data_file:{ file lnk_file } r_file_perms;
# Read access to pstore (persistent-store) contents; dir access is limited to
# search, so logd cannot enumerate the directory, only open known paths.
allow logd pstorefs:dir search;
allow logd pstorefs:file r_file_perms;
# The following block is compiled in only on userdebug/eng builds; user
# builds grant logd no access to misc_logd_file at all.
userdebug_or_eng(`
  # Access to /data/misc/logd/event-log-tags
  allow logd misc_logd_file:dir r_dir_perms;
  allow logd misc_logd_file:file rw_file_perms;
')
# Read/write on the runtime tag file on every build type; the neverallow at the
# end of this file restricts writers of this type to init and logd.
allow logd runtime_event_log_tags_file:file rw_file_perms;

# Access device logging gating property
get_prop(logd, device_logging_prop)

# Read access to files labelled with any process domain type
# (presumably /proc/<pid> entries, used to attribute log records to their
# sender — verify against logd's pid lookup code).
r_dir_file(logd, domain)

allow logd kernel:system syslog_mod;

control_logd(logd)
read_runtime_log_tags(logd)

# Lets the runtime tag file live on a tmpfs mount.
allow runtime_event_log_tags_file tmpfs:filesystem associate;
# Typically harmlessly blindly trying to access via liblog
# event tag mapping while in the untrusted_app domain.
# Access for that domain is controlled and gated via the
# event log tag service (albeit at a performance penalty,
# expected to be locally cached).
# NOTE(review): this dontaudit applies to every domain, not only untrusted_app,
# so open/read denials on this file from any process are silenced in the audit
# log. That is intentional per the comment above, but keep it in mind when
# investigating a domain that unexpectedly cannot read the tag file.
dontaudit domain runtime_event_log_tags_file:file { open read };

###
### Neverallow rules
###
### logd should NEVER do any of this

# Block device access.
neverallow logd dev_type:blk_file { read write };

# ptrace any other app
neverallow logd domain:process ptrace;

# ... and nobody may ptrace me (except on userdebug or eng builds)
# On user builds the userdebug_or_eng() argument expands to nothing, so the
# subject set is all of `domain` and no process at all may ptrace logd. On
# userdebug/eng builds crash_dump is carved out so it can collect a dump.
neverallow { domain userdebug_or_eng(`-crash_dump') } logd:process ptrace;

# Write to /system.
neverallow logd system_file:dir_file_class_set write;

# Write to files in /data/data or system files on /data
neverallow logd { app_data_file system_data_file }:dir_file_class_set write;

# Only init is allowed to enter the logd domain via exec()
neverallow { domain -init } logd:process transition;
# No type at all (`*`) may dyntransition into logd, init included.
neverallow * logd:process dyntransition;

# protect the event-log-tags file
# Every domain except init and logd is denied every write-class permission
# (no_w_file_perms) on the runtime tag file.
neverallow {
  domain
  -init
  -logd
} runtime_event_log_tags_file:file no_w_file_perms;