From 2a5b8f3c607357b100925b264c54d07a24824b7e Mon Sep 17 00:00:00 2001
From: Bertrand SIMONNET
Date: Mon, 30 Nov 2015 09:58:56 -0800
Subject: sepolicy: Split metrics' policy into three.

metrics is no longer a monolithical daemon. We should split the policy to allow finer grain permissions for each component.

Bug: 25886508
Test: device boots and reports no errors.

Change-Id: I8789bb241911769298e8d2a2727cbe21d652503f
---
 sepolicy/crash_reporter.te | 5 ++---
 sepolicy/file_contexts | 17 ++++++++++++-----
 sepolicy/metrics.te | 37 -------------------------------------
 sepolicy/metrics_collector.te | 41 +++++++++++++++++++++++++++++++++++++++++
 sepolicy/metricsd.te | 28 ++++++++++++++++++++++++++++
 sepolicy/shill.te | 5 +++--
 sepolicy/te_macros | 8 ++++++++
 sepolicy/update_engine.te | 3 +--
 8 files changed, 95 insertions(+), 49 deletions(-)
 delete mode 100644 sepolicy/metrics.te
 create mode 100644 sepolicy/metrics_collector.te
 create mode 100644 sepolicy/metricsd.te

diff --git a/sepolicy/crash_reporter.te b/sepolicy/crash_reporter.te
index 4a71f2d..3678396 100644
--- a/sepolicy/crash_reporter.te
+++ b/sepolicy/crash_reporter.te
@@ -13,11 +13,10 @@ brillo_domain(crash_reporter)
 allow crash_reporter crash_reporter:capability { setgid };
 
 # Allow calling `metrics_client -c`.
-allow crash_reporter metrics_exec:file rx_file_perms;
+allow crash_reporter metrics_client_exec:file rx_file_perms;
 
 # Allow using metrics_lib.
-allow crash_reporter metrics_data_file:dir ra_dir_perms;
-allow crash_reporter metrics_data_file:file create_file_perms;
+allow_metrics_reporting(crash_reporter)
 
 # Allow setting crash reporter properties.
 set_prop(crash_reporter, crash_reporter_prop)
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 374d13c..f011819 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -20,12 +20,19 @@
 /system/bin/webservd u:object_r:webservd_exec:s0
 /data/misc/webservd(/.*)? u:object_r:webservd_data_file:s0
 
+# Context for shared metrics files.
 /data/misc/metrics(/.*)? u:object_r:metrics_data_file:s0
-/data/misc/metricsd(/.*)? u:object_r:metrics_data_file:s0
-/data/misc/metrics_collector(/.*)? u:object_r:metrics_data_file:s0
-/system/bin/metricsd u:object_r:metrics_exec:s0
-/system/bin/metrics_collector u:object_r:metrics_exec:s0
-/system/bin/metrics_client u:object_r:metrics_exec:s0
+
+# Context for private metricsd files.
+/data/misc/metricsd(/.*)? u:object_r:metricsd_data_file:s0
+/system/bin/metricsd u:object_r:metricsd_exec:s0
+
+# Context for private metrics_collector files.
+/data/misc/metrics_collector(/.*)? u:object_r:metrics_collector_data_file:s0
+/system/bin/metrics_collector u:object_r:metrics_collector_exec:s0
+
+# Context for metrics_client.
+/system/bin/metrics_client u:object_r:metrics_client_exec:s0
 
 /data/misc/weaved(/.*)? u:object_r:weaved_data_file:s0
 /system/bin/weaved u:object_r:weaved_exec:s0
diff --git a/sepolicy/metrics.te b/sepolicy/metrics.te
deleted file mode 100644
index 60b762a..0000000
--- a/sepolicy/metrics.te
+++ /dev/null
@@ -1,37 +0,0 @@
-# metrics.
-type metrics, domain;
-type metrics_exec, exec_type, file_type;
-type metrics_data_file, file_type, data_file_type;
-
-brillo_domain(metrics)
-net_domain(metrics)
-
-# Allow crash_reporter access to core dump files.
-allow_crash_reporter(metrics)
-
-# Rules for the metrics daemon.
-allow metrics metrics_data_file:dir rw_dir_perms;
-allow metrics metrics_data_file:file create_file_perms;
-allow metrics block_device:blk_file getattr;
-allow metrics block_device:dir search;
-
-allow metrics labeledfs:filesystem getattr;
-allow metrics proc:dir search;
-allow metrics proc:file read;
-allow metrics sysfs:dir read;
-allow metrics sysfs_devices_system_cpu:dir search;
-allow metrics zoneinfo_data_file:dir search;
-
-allow metrics proc:file r_file_perms;
-
-allow metrics sysfs:dir open;
-allow metrics sysfs:file r_file_perms;
-allow metrics sysfs:filesystem getattr;
-allow metrics sysfs:lnk_file read;
-
-r_dir_file(metrics, sysfs_devices_system_cpu)
-
-allow metrics system_file:dir getattr;
-
-# Allow reading os-release.d properties.
-r_dir_file(metrics, os_release_file);
diff --git a/sepolicy/metrics_collector.te b/sepolicy/metrics_collector.te
new file mode 100644
index 0000000..ccaf5f6
--- /dev/null
+++ b/sepolicy/metrics_collector.te
@@ -0,0 +1,41 @@
+###############################
+# metrics_collector.
+type metrics_collector, domain;
+type metrics_collector_exec, exec_type, file_type;
+type metrics_collector_data_file, file_type, data_file_type;
+
+brillo_domain(metrics_collector)
+
+# Allow crash_reporter access to core dump files.
+allow_crash_reporter(metrics_collector)
+
+# Allow metrics_collector to report metrics.
+allow_metrics_reporting(metrics_collector)
+
+# Rules for the metrics_collector daemon.
+allow metrics_collector metrics_collector_data_file:dir rw_dir_perms;
+allow metrics_collector metrics_collector_data_file:file create_file_perms;
+allow metrics_collector block_device:blk_file getattr;
+allow metrics_collector block_device:dir search;
+
+allow metrics_collector labeledfs:filesystem getattr;
+allow metrics_collector proc:dir search;
+allow metrics_collector proc:file r_file_perms;
+allow metrics_collector sysfs:dir read;
+allow metrics_collector sysfs_devices_system_cpu:dir search;
+
+allow metrics_collector sysfs:dir open;
+allow metrics_collector sysfs:file r_file_perms;
+allow metrics_collector sysfs:filesystem getattr;
+allow metrics_collector sysfs:lnk_file read;
+
+r_dir_file(metrics_collector, sysfs_devices_system_cpu)
+
+allow metrics_collector system_file:dir getattr;
+
+# Allow reading os-release.d properties.
+r_dir_file(metrics_collector, os_release_file);
+
+################################
+# metrics_client
+type metrics_client_exec, exec_type, file_type;
diff --git a/sepolicy/metricsd.te b/sepolicy/metricsd.te
new file mode 100644
index 0000000..089e546
--- /dev/null
+++ b/sepolicy/metricsd.te
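Review bot: The `metrics_client_exec` type declared at the bottom of the hunk has no domain and no transition rule anywhere in this patch, and its only use is crash_reporter's `rx_file_perms` on it, so as far as the patch shows `metrics_client` executes in the caller's domain and presumably relies on that domain's own `allow_metrics_reporting()` grant; the `# metrics_client` banner should say so, e.g. `# No domain of its own: metrics_client runs in the calling domain, which must have allow_metrics_reporting().` Placing that declaration in metrics_collector.te also ties an unrelated client binary to the collector's policy file, which is worth a sentence. A separate style point: `r_dir_file(metrics_collector, os_release_file);` ends with a semicolon while every other macro invocation in the file (`brillo_domain`, `allow_crash_reporter`, `allow_metrics_reporting`, the other `r_dir_file`) does not; the same line appears in the metricsd.te hunk.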
@@ -0,0 +1,28 @@
+# Shared metrics files.
+type metrics_data_file, file_type, data_file_type;
+
+###############################
+# metricsd
+type metricsd, domain;
+type metricsd_exec, exec_type, file_type;
+type metricsd_data_file, file_type, data_file_type;
+
+brillo_domain(metricsd)
+net_domain(metricsd)
+
+# Allow crash_reporter access to core dump files.
+allow_crash_reporter(metricsd)
+
+# Rules for accessing the private files.
+allow metricsd metricsd_data_file:dir rw_dir_perms;
+allow metricsd metricsd_data_file:file create_file_perms;
+
+# Rules for accessing the shared files.
+allow metricsd metrics_data_file:dir rw_dir_perms;
+allow metricsd metrics_data_file:file create_file_perms;
+
+allow metricsd zoneinfo_data_file:dir search;
+allow metricsd system_file:dir getattr;
+
+# Allow reading os-release.d properties.
+r_dir_file(metricsd, os_release_file);
diff --git a/sepolicy/shill.te b/sepolicy/shill.te
index 4e65282..f534dd8 100644
--- a/sepolicy/shill.te
+++ b/sepolicy/shill.te
@@ -9,6 +9,9 @@ net_domain(shill)
 # Allow crash_reporter access to core dump files.
 allow_crash_reporter(shill)
 
+# Allow shill to report metrics.
+allow_metrics_reporting(shill)
+
 file_type_auto_trans(shill, system_data_file, shill_data_file)
 
 # Following permissions are needed for shill.
@@ -17,8 +20,6 @@ allow shill self:packet_socket create_socket_perms;
 allow shill self:netlink_socket create_socket_perms;
 allow shill self:netlink_route_socket { rw_socket_perms nlmsg_write };
 allow shill proc_net:file w_file_perms;
-allow shill metrics_data_file:dir rw_dir_perms;
-allow shill metrics_data_file:file create_file_perms;
 allow shill sysfs:file w_file_perms;
 allow shill wifi_sysfs_entry:file rw_file_perms;
 allow shill self:capability { setuid setgid fsetid kill net_admin net_bind_service net_raw sys_module dac_override fowner };
diff --git a/sepolicy/te_macros b/sepolicy/te_macros
index 1277dda..da40c55 100644
--- a/sepolicy/te_macros
+++ b/sepolicy/te_macros
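Review bot: `type metrics_data_file, file_type, data_file_type;` at the top of the hunk declares the shared type that the new `allow_metrics_reporting` macro, metrics_collector, shill, crash_reporter and update_engine all depend on, yet it lives in metricsd.te, so dropping or renaming metricsd's policy would break every reporter even though they never talk to metricsd directly. The comment `# Shared metrics files.` should record that dependency, e.g. `# Shared metrics files: written by every domain granted allow_metrics_reporting() (see te_macros), consumed by metricsd.` Since those other domains hold create and write on these files, it would also help to note under `# Rules for accessing the shared files.` that metricsd should treat their contents as input from less-privileged domains rather than as its own private state. Moving the type declaration into a shared policy file would remove the coupling entirely, but that is a layout choice for the authors.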
@@ -30,3 +30,11 @@ define(`allow_power_management', `
 allow $1 power_service:service_manager find;
 binder_call($1, nativepowerman)
 ')
+
+#####################################
+# allow_metrics_reporting(domain)
+# Allow a domain to log metrics using libmetrics.
+define(`allow_metrics_reporting', `
+allow $1 metrics_data_file:dir rw_dir_perms;
+allow $1 metrics_data_file:file create_file_perms;
+')
diff --git a/sepolicy/update_engine.te b/sepolicy/update_engine.te
index 39d4d81..cadbe98 100644
--- a/sepolicy/update_engine.te
+++ b/sepolicy/update_engine.te
@@ -6,8 +6,7 @@ unix_socket_connect(update_engine, dbus_daemon, dbus_daemon)
 
 
 # Allow using metrics_lib.
-allow update_engine metrics_data_file:dir ra_dir_perms;
-allow update_engine metrics_data_file:file create_file_perms;
+allow_metrics_reporting(update_engine)
 
 # Allow read/write on misc partition. This can be removed when we're no
 # longer using the boot_control_copy implementation of the boot_control
-- 
cgit v1.2.3
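Review bot: The new macro grants `rw_dir_perms` on `metrics_data_file` directories to every caller, but the crash_reporter.te and update_engine.te hunks replace rules that only granted `ra_dir_perms`, so those two domains gain `remove_name` on /data/misc/metrics that they did not have before, which runs against the finer-grained permissions the commit message is aiming for. If libmetrics only creates and appends to its files, the macro line could be narrowed to `allow $1 metrics_data_file:dir ra_dir_perms;` and the domains that genuinely need to remove entries (shill and the old metrics domain had rw) granted that separately; if removal really is part of normal reporting, the macro header comment should say so rather than just `Allow a domain to log metrics using libmetrics.` Either way the comment should list exactly what the macro grants, since it is now the single place that decides how much write access every reporter gets.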