commit e5fc21c787981c599de4297d46546bc131fac9b9
author Yabin Cui <yabinc@google.com> Thu Jan 10 15:34:08 2019 -0800
committer Yabin Cui <yabinc@google.com> Wed Jan 23 23:23:09 2019 +0000
tree d1d71de5d48211d6937e0cb41db8df4dfbbb4de6
parent b1f34ddaf7a817d6cf17d3f2e2f69e05f56efb7f

Add sepolicy for simpleperf_app_runner.

Bug: 118835348
Test: build and boot pixel 3.
Test: run simpleperf_app_runner manually.

Change-Id: Ifb6c2ab78e075684bc197d06f761becced8281d1

private/compat/26.0/26.0.ignore.cil

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 3633181..c9c127f 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -144,6 +144,8 @@
     secure_element_tmpfs
     secure_element_service
     server_configurable_flags_data_file
+    simpleperf_app_runner
+    simpleperf_app_runner_exec
     slice_service
     staging_data_file
     stats

private/compat/27.0/27.0.ignore.cil

diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 3b7f7ff..ddd4e06 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -131,6 +131,8 @@
     secure_element_service
     secure_element_tmpfs
     server_configurable_flags_data_file
+    simpleperf_app_runner
+    simpleperf_app_runner_exec
     slice_service
     stats
     stats_data_file

private/compat/28.0/28.0.ignore.cil

diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 8797d67..634d4a7 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -86,6 +86,8 @@
     runtime_service
     sensor_privacy_service
     server_configurable_flags_data_file
+    simpleperf_app_runner
+    simpleperf_app_runner_exec
     super_block_device
     system_event_log_tags_file
     system_lmk_prop

private/file_contexts

diff --git a/private/file_contexts b/private/file_contexts
index 474c637..01c5bb0 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -314,6 +314,7 @@
 /system/bin/watchdogd            u:object_r:watchdogd_exec:s0
 /system/bin/apexd                u:object_r:apexd_exec:s0
 /system/bin/gsid                 u:object_r:gsid_exec:s0
+/system/bin/simpleperf_app_runner    u:object_r:simpleperf_app_runner_exec:s0
 
 #############################
 # Vendor files

private/simpleperf_app_runner.te

diff --git a/private/simpleperf_app_runner.te b/private/simpleperf_app_runner.te
new file mode 100644
index 0000000..8501826
--- /dev/null
+++ b/private/simpleperf_app_runner.te
@@ -0,0 +1,3 @@
+typeattribute simpleperf_app_runner coredomain;
+
+domain_auto_trans(shell, simpleperf_app_runner_exec, simpleperf_app_runner)

public/domain.te

diff --git a/public/domain.te b/public/domain.te
index 7c3a110..d29adc2 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1205,8 +1205,9 @@
   -zygote
 } shell:process { transition dyntransition };
 
-# Only domains spawned from zygote and runas may have the appdomain attribute.
-neverallow { domain -runas -app_zygote -webview_zygote -zygote } {
+# Only domains spawned from zygote, runas and simpleperf_app_runner may have the appdomain
+# attribute.
+neverallow { domain -simpleperf_app_runner -runas -app_zygote -webview_zygote -zygote } {
   appdomain -shell userdebug_or_eng(`-su')
 }:process { transition dyntransition };
 

public/simpleperf_app_runner.te

diff --git a/public/simpleperf_app_runner.te b/public/simpleperf_app_runner.te
new file mode 100644
index 0000000..cabf04b
--- /dev/null
+++ b/public/simpleperf_app_runner.te
@@ -0,0 +1,34 @@
+type simpleperf_app_runner, domain, mlstrustedsubject;
+type simpleperf_app_runner_exec, system_file_type, exec_type, file_type;
+
+# run simpleperf_app_runner in adb shell.
+allow simpleperf_app_runner adbd:fd use;
+allow simpleperf_app_runner shell:fd use;
+allow simpleperf_app_runner devpts:chr_file { read write ioctl };
+
+# simpleperf_app_runner reads package information.
+allow simpleperf_app_runner system_data_file:file r_file_perms;
+allow simpleperf_app_runner system_data_file:lnk_file getattr;
+
+# The app's data dir may be accessed through a symlink.
+allow simpleperf_app_runner system_data_file:lnk_file read;
+
+# simpleperf_app_runner switches to the app UID/GID.
+allow simpleperf_app_runner self:global_capability_class_set { setuid setgid };
+
+# simpleperf_app_runner switches to the app security context.
+selinux_check_context(simpleperf_app_runner) # validate context
+allow simpleperf_app_runner self:process setcurrent;
+allow simpleperf_app_runner untrusted_app_all:process dyntransition; # setcon
+
+# simpleperf_app_runner/libselinux needs access to seapp_contexts_file to
+# determine which domain to transition to.
+allow simpleperf_app_runner seapp_contexts_file:file r_file_perms;
+
+###
+### neverallow rules
+###
+
+# simpleperf_app_runner cannot have capabilities other than CAP_SETUID and CAP_SETGID
+neverallow simpleperf_app_runner self:global_capability_class_set ~{ setuid setgid };
+neverallow simpleperf_app_runner self:global_capability2_class_set *;