# SELinux policy for the incidentd domain.
# Blame view: every line below is attributed to commit
# 49b79029cbb4bfb362b6b823e63bb467e8012230 (Wale Ogunwale).

typeattribute incidentd coredomain;
# mlstrustedsubject exempts the domain from the MLS constraints on subjects,
# so the type-enforcement rules in this file are what bounds its access.
typeattribute incidentd mlstrustedsubject;

init_daemon_domain(incidentd)
type incidentd_exec, exec_type, file_type;
binder_use(incidentd)
wakelock_use(incidentd)

# Allow incidentd to scan through /proc/pid for all processes.
# The target is the domain attribute, so this read access is not limited to
# a named set of processes.
r_dir_file(incidentd, domain)

# Allow incidentd to kill incident_helper when it times out
allow incidentd incident_helper:process sigkill;

# Allow executing files on system, such as:
#   /system/bin/toolbox
#   /system/bin/logcat
#   /system/bin/dumpsys
# execute_no_trans means no domain transition: the executed file runs in the
# incidentd domain with the permissions granted in this file.
allow incidentd system_file:file execute_no_trans;
allow incidentd toolbox_exec:file rx_file_perms;

# section id 2001, allow reading /proc/pagetypeinfo
allow incidentd proc_pagetypeinfo:file r_file_perms;

# section id 2002, allow reading /d/wakeup_sources
allow incidentd debugfs_wakeup_sources:file r_file_perms;

# section id 2003, allow executing top
# NOTE(review): the rule only grants open/read on proc_meminfo; presumably that
# is what top needs here - confirm.
allow incidentd proc_meminfo:file { open read };

# section id 2004, allow reading /sys/devices/system/cpu/cpufreq/all_time_in_state
allow incidentd sysfs_devices_system_cpu:file r_file_perms;

# section id 2005, allow reading ps dump in full
allow incidentd domain:process getattr;

# section id 2006, allow reading /sys/class/power_supply/bms/battery_type
allow incidentd sysfs_batteryinfo:dir { search };
allow incidentd sysfs_batteryinfo:file r_file_perms;

# section id 2007, allow reading LAST_KMSG /sys/fs/pstore/console-ramoops
# Wrapped in userdebug_or_eng, so user builds do not get these two rules.
userdebug_or_eng(`allow incidentd pstorefs:dir search');
userdebug_or_eng(`allow incidentd pstorefs:file r_file_perms');

# Create and write into /data/misc/incidents
allow incidentd incident_data_file:dir rw_dir_perms;
allow incidentd incident_data_file:file create_file_perms;

# Enable incidentd to get stack traces.
# binder_use(incidentd) is also declared near the top of this file; the
# repetition here is redundant.
binder_use(incidentd)
hwbinder_use(incidentd)
allow incidentd hwservicemanager:hwservice_manager { list };
get_prop(incidentd, hwservicemanager_prop)
allow incidentd hidl_manager_hwservice:hwservice_manager { find };

# Read files in /proc
allow incidentd {
  proc_cmdline
  proc_pipe_conf
  proc_stat
}:file r_file_perms;

# Signal java processes to dump their stack and get the results
allow incidentd { appdomain ephemeral_app system_server }:process signal;

# Signal native processes to dump their stack.
# NOTE(review): this header originally cited incidentd/utils.c as the source of
# the list, while the comments inside the rule cite dumputils/dump_utils.cpp -
# confirm which file is authoritative and keep the list in sync with it.
allow incidentd {
  # This list comes from native_processes_to_dump in dumputils/dump_utils.cpp
  audioserver
  cameraserver
  drmserver
  inputflinger
  mediadrmserver
  mediaextractor
  mediametrics
  mediaserver
  sdcardd
  statsd
  surfaceflinger

  # This list comes from hal_interfaces_to_dump in dumputils/dump_utils.cpp
  hal_audio_server
  hal_bluetooth_server
  hal_camera_server
  hal_graphics_composer_server
  hal_sensors_server
  hal_vr_server
  mediacodec # TODO(b/36375899): hal_omx_server
}:process signal;

# Allow incidentd to make binder calls to system_server and to app domains.
# Only these two targets are granted here, not every binder service.
binder_call(incidentd, system_server)
binder_call(incidentd, appdomain)

# Reading /proc/PID/maps of other processes.
# The capability is granted on userdebug and eng builds only.
userdebug_or_eng(`allow incidentd self:global_capability_class_set { sys_ptrace }');
# incidentd has capability sys_ptrace, but should only use that capability for
# accessing sensitive /proc/PID files, never for using ptrace attach.
# The neverallow below makes policy compilation fail if a ptrace rule for
# incidentd is ever added.
neverallow incidentd *:process ptrace;

allow incidentd self:global_capability_class_set {
    # Send signals to processes.
    # The capability alone does not widen the set of targets: the
    # process signal / sigkill allow rules above still decide which domains
    # incidentd may signal.
    kill
};

# Connect to tombstoned to intercept dumps.
unix_socket_connect(incidentd, tombstoned_intercept, tombstoned)

# Run a shell.
# NOTE(review): no domain transition for the shell is visible in this file, so
# presumably it runs in the incidentd domain - confirm.
allow incidentd shell_exec:file rx_file_perms;

# logd access - work to be done is a PII safe log (possibly an event log?)
# Until then, log reading is limited to userdebug and eng builds.
userdebug_or_eng(`read_logd(incidentd)')
# TODO control_logd(incidentd)

# Allow incidentd to find these standard groups of services.
# Others can be allowed individually.
allow incidentd {
    system_server_service
    app_api_service
    system_api_service
}:service_manager find;

# Only incidentd can publish the binder service
add_service(incidentd, incident_service)

# Allow pipes from (and only from) incident
allow incidentd incident:fd use;
allow incidentd incident:fifo_file write;

# Allow incidentd to call back to incident with status updates.
binder_call(incidentd, incident)

###
### neverallow rules
###

# Only incident, incidentd, statsd, system_app and system_server can find the
# incident service; any other domain granted find fails the policy build.
neverallow {
  domain
  -incident
  -incidentd
  -statsd
  -system_app
  -system_server
} incident_service:service_manager find;

# only incidentd and the other root services in limited circumstances
# can get to the files in /data/misc/incidents
#
# write, execute, append are forbidden almost everywhere
# (exempt domains: incidentd, init, vold)
neverallow { domain -incidentd -init -vold } incident_data_file:file {
  w_file_perms
  x_file_perms
  create
  rename
  setattr
  unlink
  append
};
# read is also allowed by system_server, for when the file is handed to dropbox
neverallow { domain -incidentd -init -vold -system_server } incident_data_file:file r_file_perms;
# limited access to the directory itself
neverallow { domain -incidentd -init -vold } incident_data_file:dir create_dir_perms;