Merge "SELinux policy changes for uprobe." into main
diff --git a/private/bpfloader.te b/private/bpfloader.te
index eecda30..0ad2c6b 100644
--- a/private/bpfloader.te
+++ b/private/bpfloader.te
@@ -41,7 +41,8 @@
neverallow { domain -bpfloader -netd -network_stack -system_server } fs_bpf_netd_readonly:file { getattr read };
neverallow { domain -bpfloader -netd -netutils_wrapper -network_stack -system_server } fs_bpf_netd_shared:file { getattr read };
neverallow { domain -bpfloader -network_stack } fs_bpf_tethering:file { getattr read };
-neverallow { domain -bpfloader -gpuservice -netd -netutils_wrapper -network_stack -system_server } { bpffs_type -fs_bpf_vendor }:file write;
+neverallow { domain -bpfloader -uprobestats } fs_bpf_uprobe_private:file { getattr read };
+neverallow { domain -bpfloader -gpuservice -netd -netutils_wrapper -network_stack -system_server -uprobestats } { bpffs_type -fs_bpf_vendor }:file write;
neverallow { domain -bpfloader } bpffs_type:lnk_file ~read;
neverallow { domain -bpfdomain } bpffs_type:lnk_file read;
@@ -62,8 +63,9 @@
-netutils_wrapper
-network_stack
-system_server
+ -uprobestats
} *:bpf prog_run;
-neverallow { domain -bpfloader -gpuservice -lmkd -mediaprovider_app -netd -network_stack -system_server } *:bpf { map_read map_write };
+neverallow { domain -bpfloader -gpuservice -lmkd -mediaprovider_app -netd -network_stack -system_server -uprobestats } *:bpf { map_read map_write };
neverallow { domain -bpfloader -init } bpfloader_exec:file { execute execute_no_trans };
neverallow { coredomain -bpfloader } fs_bpf_vendor:file *;
diff --git a/private/domain.te b/private/domain.te
index 769264b..1b8fcf7 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -679,6 +679,15 @@
# Restrict write access to etm sysfs interface.
neverallow { domain -ueventd -vendor_init } sysfs_devices_cs_etm:file no_w_file_perms;
+# Restrict CAP_PERFMON.
+neverallow {
+ domain
+ -init
+ userdebug_or_eng(`-simpleperf_boot')
+ -kernel
+ -uprobestats
+} self:capability2 perfmon;
+
# Restrict direct access to shell owned files. The /data/local/tmp directory is
# untrustworthy, and non-allowed domains should not be trusting any content in
# those directories. We allow shell files to be passed around by file
diff --git a/private/file.te b/private/file.te
index efdf4d1..ee5f047 100644
--- a/private/file.te
+++ b/private/file.te
@@ -8,6 +8,7 @@
type fs_bpf_netd_readonly, fs_type, bpffs_type;
type fs_bpf_netd_shared, fs_type, bpffs_type;
type fs_bpf_loader, fs_type, bpffs_type;
+type fs_bpf_uprobe_private, fs_type, bpffs_type;
# /data/misc/storaged
type storaged_data_file, file_type, data_file_type, core_data_file_type;
@@ -142,3 +143,6 @@
# Type for /system/fonts/font_fallback.xm
type system_font_fallback_file, system_file_type, file_type;
+
+# Type for /sys/devices/uprobe.
+type sysfs_uprobe, fs_type, sysfs_type;
diff --git a/private/file_contexts b/private/file_contexts
index 6ac2400..2b9efc9 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -383,6 +383,7 @@
/system/bin/cardisplayproxyd u:object_r:automotive_display_service_exec:s0
/system/bin/evsmanagerd u:object_r:evsmanagerd_exec:s0
/system/bin/android\.automotive\.evs\.manager@1\.[0-9]+ u:object_r:evsmanagerd_exec:s0
+/system/bin/uprobestats u:object_r:uprobestats_exec:s0
#############################
# Vendor files
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 3d5c357..f35f268 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -177,6 +177,7 @@
genfscon sysfs /devices/virtual/timed_output/vibrator/enable u:object_r:sysfs_vibrator:s0
genfscon sysfs /devices/virtual/misc/uhid u:object_r:sysfs_uhid:s0
genfscon sysfs /kernel/vendor_sched u:object_r:sysfs_vendor_sched:s0
+genfscon sysfs /devices/uprobe u:object_r:sysfs_uprobe:s0
genfscon debugfs /kprobes u:object_r:debugfs_kprobes:s0
genfscon debugfs /mmc0 u:object_r:debugfs_mmc:s0
@@ -411,3 +412,4 @@
genfscon bpf /netd_shared u:object_r:fs_bpf_netd_shared:s0
genfscon bpf /tethering u:object_r:fs_bpf_tethering:s0
genfscon bpf /vendor u:object_r:fs_bpf_vendor:s0
+genfscon bpf /uprobe_private u:object_r:fs_bpf_uprobe_private:s0
diff --git a/private/uprobestats.te b/private/uprobestats.te
new file mode 100644
index 0000000..f2a4ae3
--- /dev/null
+++ b/private/uprobestats.te
@@ -0,0 +1,16 @@
+type uprobestats, domain, coredomain;
+
+typeattribute uprobestats bpfdomain;
+
+type uprobestats_exec, system_file_type, exec_type, file_type;
+
+# Allow uprobestats to be invoked by statsd.
+domain_auto_trans(statsd, uprobestats_exec, uprobestats)
+
+allow uprobestats fs_bpf_uprobe_private:file { read write };
+allow uprobestats fs_bpf_uprobe_private:dir search;
+allow uprobestats bpfloader:bpf { map_read map_write prog_run };
+allow uprobestats self:capability2 perfmon;
+allow uprobestats self:perf_event { cpu open write };
+allow uprobestats sysfs_uprobe:file { open read };
+allow uprobestats sysfs_uprobe:dir { search };
