sepolicy/public/logd.te

8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzyn# android user-space log manager
5c4435af892da63ce3832533dc79af18ade24bbaJeff Vander Stoeptype logd, domain, mlstrustedsubject;
8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzyntype logd_exec, exec_type, file_type;
8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzyn
2f3979a778d8fbe4e0a8ea0206fdaa823eb0aabdJeff Vander Stoep# Read access to pseudo filesystems.
7ef80731f20bdafc23eb5bedeb063247933fc8aaJeff Vander Stoepr_dir_file(logd, cgroup)
87ed5e8dbf220fd36471bdfbd42bf692c0371fc1Tri Vor_dir_file(logd, proc_kmsg)
7ef80731f20bdafc23eb5bedeb063247933fc8aaJeff Vander Stoepr_dir_file(logd, proc_meminfo)
2f3979a778d8fbe4e0a8ea0206fdaa823eb0aabdJeff Vander Stoepr_dir_file(logd, proc_net)
2f3979a778d8fbe4e0a8ea0206fdaa823eb0aabdJeff Vander Stoep
9b2e0cbeeaae560b07e4ffa6e5b8e505699e4a76Benjamin Gordonallow logd self:global_capability_class_set { setuid setgid setpcap sys_nice audit_control };
9b2e0cbeeaae560b07e4ffa6e5b8e505699e4a76Benjamin Gordonallow logd self:global_capability2_class_set syslog;
bff9801521abb36a243131114e70f905fb1238efJeff Vander Stoepallow logd self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };
238a654f4ac0ce69a8e88d96adb55667c274d91cMark Salyzynallow logd kernel:system syslog_read;
6252b631a78dd16168c8302c08659f939de9c65fMark Salyzynallow logd kmsg_device:chr_file w_file_perms;
7ef80731f20bdafc23eb5bedeb063247933fc8aaJeff Vander Stoepallow logd system_data_file:{ file lnk_file } r_file_perms;
384ce66246ea60a56a10e0bebb3c33647bb03a51Mark Salyzynallow logd pstorefs:dir search;
384ce66246ea60a56a10e0bebb3c33647bb03a51Mark Salyzynallow logd pstorefs:file r_file_perms;
384ce66246ea60a56a10e0bebb3c33647bb03a51Mark Salyzynuserdebug_or_eng(`
384ce66246ea60a56a10e0bebb3c33647bb03a51Mark Salyzyn  # Access to /data/misc/logd/event-log-tags
384ce66246ea60a56a10e0bebb3c33647bb03a51Mark Salyzyn  allow logd misc_logd_file:dir r_dir_perms;
384ce66246ea60a56a10e0bebb3c33647bb03a51Mark Salyzyn  allow logd misc_logd_file:file rw_file_perms;
384ce66246ea60a56a10e0bebb3c33647bb03a51Mark Salyzyn')
384ce66246ea60a56a10e0bebb3c33647bb03a51Mark Salyzynallow logd runtime_event_log_tags_file:file rw_file_perms;
8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzyn
0c8286fe74d878243e850b8c1ec50ea5312b1a48Rubin Xu# Access device logging gating property
0c8286fe74d878243e850b8c1ec50ea5312b1a48Rubin Xuget_prop(logd, device_logging_prop)
0c8286fe74d878243e850b8c1ec50ea5312b1a48Rubin Xu
8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzynr_dir_file(logd, domain)
8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzyn
664ef57be49889a329c599655f6be7a188c404d3Mark Salyzynallow logd kernel:system syslog_mod;
664ef57be49889a329c599655f6be7a188c404d3Mark Salyzyn
61d665af16ea54a3a650da4e443c6d9e251b05cfMark Salyzyncontrol_logd(logd)
d33a9a194b1333113671a1353fab60d2df3478a5Mark Salyzynread_runtime_log_tags(logd)
d33a9a194b1333113671a1353fab60d2df3478a5Mark Salyzyn
d33a9a194b1333113671a1353fab60d2df3478a5Mark Salyzynallow runtime_event_log_tags_file tmpfs:filesystem associate;
d33a9a194b1333113671a1353fab60d2df3478a5Mark Salyzyn# Typically harmlessly blindly trying to access via liblog
d33a9a194b1333113671a1353fab60d2df3478a5Mark Salyzyn# event tag mapping while in the untrusted_app domain.
d33a9a194b1333113671a1353fab60d2df3478a5Mark Salyzyn# Access for that domain is controlled and gated via the
d33a9a194b1333113671a1353fab60d2df3478a5Mark Salyzyn# event log tag service (albeit at a performance penalty,
d33a9a194b1333113671a1353fab60d2df3478a5Mark Salyzyn# expected to be locally cached).
d33a9a194b1333113671a1353fab60d2df3478a5Mark Salyzyndontaudit domain runtime_event_log_tags_file:file { open read };
61d665af16ea54a3a650da4e443c6d9e251b05cfMark Salyzyn
8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzyn###
8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzyn### Neverallow rules
8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzyn###
8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzyn### logd should NEVER do any of this
8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzyn
8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzyn# Block device access.
8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzynneverallow logd dev_type:blk_file { read write };
8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzyn
8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzyn# ptrace any other app
8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzynneverallow logd domain:process ptrace;
8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzyn
cb5f4a3dd8acd5c58bb2f0e65c6b4c256a1ec614Nick Kralevich# ... and nobody may ptrace me (except on userdebug or eng builds)
cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoneverallow { domain userdebug_or_eng(`-crash_dump') } logd:process ptrace;
cb5f4a3dd8acd5c58bb2f0e65c6b4c256a1ec614Nick Kralevich
8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzyn# Write to /system.
8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzynneverallow logd system_file:dir_file_class_set write;
8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzyn
8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzyn# Write to files in /data/data or system files on /data
8ed750e9731e6e3a21785e91e9b1cf7390c16738Mark Salyzynneverallow logd { app_data_file system_data_file }:dir_file_class_set write;
df125b90b456748f834df06e69d9e8aa05054c69Mark Salyzyn
df125b90b456748f834df06e69d9e8aa05054c69Mark Salyzyn# Only init is allowed to enter the logd domain via exec()
df125b90b456748f834df06e69d9e8aa05054c69Mark Salyzynneverallow { domain -init } logd:process transition;
df125b90b456748f834df06e69d9e8aa05054c69Mark Salyzynneverallow * logd:process dyntransition;
d33a9a194b1333113671a1353fab60d2df3478a5Mark Salyzyn
d33a9a194b1333113671a1353fab60d2df3478a5Mark Salyzyn# protect the event-log-tags file
384ce66246ea60a56a10e0bebb3c33647bb03a51Mark Salyzynneverallow {
384ce66246ea60a56a10e0bebb3c33647bb03a51Mark Salyzyn  domain
384ce66246ea60a56a10e0bebb3c33647bb03a51Mark Salyzyn  -init
384ce66246ea60a56a10e0bebb3c33647bb03a51Mark Salyzyn  -logd
384ce66246ea60a56a10e0bebb3c33647bb03a51Mark Salyzyn} runtime_event_log_tags_file:file no_w_file_perms;