# android user-space log manager
# Declares the logd domain. mlstrustedsubject is the attribute that exempts a
# subject from the MLS constraints.
# NOTE(review): presumably needed because logd serves clients at every MLS
# level - confirm before copying this attribute to another domain.
type logd, domain, mlstrustedsubject;
# Type for the logd executable file.
type logd_exec, exec_type, file_type;

# Read access to pseudo filesystems.
r_dir_file(logd, cgroup)
r_dir_file(logd, proc_kmsg)
r_dir_file(logd, proc_meminfo)
r_dir_file(logd, proc_net)

# Capabilities logd may exercise on itself. setuid, setgid and setpcap cover
# credential and capability-set changes.
# NOTE(review): presumably used to drop privileges after startup - confirm
# against the daemon source.
# audit_control together with the netlink_audit_socket rule below lets logd
# talk to and configure the kernel audit subsystem.
allow logd self:global_capability_class_set { setuid setgid setpcap sys_nice audit_control };
# CAP_SYSLOG: privileged access to the kernel log.
allow logd self:global_capability2_class_set syslog;
# nlmsg_write permits audit netlink messages that change audit state, not
# only ones that read it. ioctl on the socket is deliberately not included.
allow logd self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };
# Read the kernel log buffer.
allow logd kernel:system syslog_read;
# Write-only access to the kmsg device node.
allow logd kmsg_device:chr_file w_file_perms;
# Read-only. The matching write is forbidden by a neverallow further down.
allow logd system_data_file:{ file lnk_file } r_file_perms;
# pstore: directory lookup and file read only, no write or unlink.
allow logd pstorefs:dir search;
allow logd pstorefs:file r_file_perms;
# The rules inside this macro are only part of the policy on userdebug and
# eng builds. User builds get no access to misc_logd_file from this file.
userdebug_or_eng(`
  # Access to /data/misc/logd/event-log-tags
  allow logd misc_logd_file:dir r_dir_perms;
  allow logd misc_logd_file:file rw_file_perms;
')
# Read-write on every build type. Who else may write this file is pinned by
# the last neverallow in this file.
allow logd runtime_event_log_tags_file:file rw_file_perms;

# Access device logging gating property
get_prop(logd, device_logging_prop)

# Read access to directories, files and symlinks labelled with any domain
# type. This is a broad grant: it spans every process domain on the device.
# NOTE(review): presumably the per-process /proc entries, used to attribute
# log records to their sender - confirm against the daemon source.
r_dir_file(logd, domain)

# Modify operations on the kernel log, in addition to syslog_read above.
allow logd kernel:system syslog_mod;

# Both macros are defined outside this file.
# NOTE(review): check their expansion to see exactly which sockets and files
# logd is granted here.
control_logd(logd)
read_runtime_log_tags(logd)

# Lets files of this type exist on a tmpfs filesystem.
allow runtime_event_log_tags_file tmpfs:filesystem associate;
# Typically harmlessly blindly trying to access via liblog
# event tag mapping while in the untrusted_app domain.
# Access for that domain is controlled and gated via the
# event log tag service (albeit at a performance penalty,
# expected to be locally cached).
# dontaudit grants nothing. It only suppresses the denial record, and it is
# written for every domain, so denied open or read attempts on this file
# never reach the audit log. Keep that in mind when using AVC denials as a
# detection signal for this file.
dontaudit domain runtime_event_log_tags_file:file { open read };

###
### Neverallow rules
###
### logd should NEVER do any of this
# neverallow is a build-time assertion: the policy fails to compile if any
# allow rule, here or elsewhere, grants one of the listed permissions.

# Block device access.
neverallow logd dev_type:blk_file { read write };

# logd may not ptrace any process. The target is the domain attribute, so
# this covers every domain and not only apps.
neverallow logd domain:process ptrace;

# ... and nobody may ptrace logd. The only exemption is crash_dump, and only
# on userdebug or eng builds. On user builds the set is all of domain.
neverallow { domain userdebug_or_eng(`-crash_dump') } logd:process ptrace;

# Write to /system.
neverallow logd system_file:dir_file_class_set write;

# Write to files in /data/data or system files on /data
neverallow logd { app_data_file system_data_file }:dir_file_class_set write;

# Only init is allowed to enter the logd domain via exec()
neverallow { domain -init } logd:process transition;
# No domain at all, init included, may switch into logd by dynamic transition.
neverallow * logd:process dyntransition;

# protect the event-log-tags file
# Every domain except init and logd is denied the write-class permissions in
# no_w_file_perms on this file. Read access is not addressed by this rule.
neverallow {
  domain
  -init
  -logd
} runtime_event_log_tags_file:file no_w_file_perms;