Commits

Stephen Smalley committed 037da44

Allow surfaceflinger execmem permission.

Otherwise we get the following denial on 4.4 (on goldfish 3.4):
type=1400 audit(1383590252.110:212): avc: denied { execmem } for pid=58 comm="surfaceflinger" scontext=u:r:surfaceflinger:s0 tcontext=u:r:surfaceflinger:s0 tclass=process
type=1300 audit(1383590252.110:212): arch=40000028 syscall=192 per=800000 success=no exit=-13 a0=0 a1=100000 a2=7 a3=2 items=0 ppid=1 pid=58 auid=4294967295 uid=1000 gid=1003 euid=1000 suid=1000 fsuid=1000 egid=1003 sgid=1003 fsgid=1003 tty=(none) ses=4294967295 comm="surfaceflinger" exe="/system/bin/surfaceflinger" subj=u:r:surfaceflinger:s0 key=(null)
type=1701 audit(1383590252.990:214): auid=4294967295 uid=1000 gid=1003 ses=4294967295 subj=u:r:surfaceflinger:s0 pid=58 comm="surfaceflinger" reason="memory violation" sig=11

And the following output in logcat:
I/DEBUG ( 56): pid: 58, tid: 58, name: surfaceflinger >>> /system/bin/surfaceflinger <<<
I/DEBUG ( 56): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 00000010
I/DEBUG ( 56): r0 00000010 r1 00000000 r2 000001d0 r3 00000000
I/DEBUG ( 56): AM write failure (32 / Broken pipe)
I/DEBUG ( 56): r4 00000000 r5 00000000 r6 00000000 r7 00000000
I/DEBUG ( 56): r8 b8c28d78 r9 b6785f44 sl b8c17fc0 fp be9ba400
I/DEBUG ( 56): ip 00000000 sp be9ba258 lr 00000000 pc b6e7f230 cpsr 60000010
I/DEBUG ( 56): d0 43f0000000000000 d1 3f80000000000000
I/DEBUG ( 56): d2 3f8000003f800000 d3 432000003f800000
I/DEBUG ( 56): d4 3f00000043700000 d5 432000003f800000
I/DEBUG ( 56): d6 0000000000000000 d7 bf80000000000000
I/DEBUG ( 56): d8 000000003f800000 d9 000000003f800000
I/DEBUG ( 56): d10 0000000000000000 d11 0000000000000000
I/DEBUG ( 56): d12 0000000000000000 d13 0000000000000000
I/DEBUG ( 56): d14 0000000000000000 d15 0000000000000000
I/DEBUG ( 56): scr 20000010
I/DEBUG ( 56):
I/DEBUG ( 56): backtrace:
I/DEBUG ( 56): #00 pc 00022230 /system/lib/libc.so (memset+112)
I/DEBUG ( 56): #01 pc 00011719 /system/lib/libpixelflinger.so (create_mspace_with_base+68)
I/DEBUG ( 56): #02 pc 00012d55 /system/lib/libpixelflinger.so
I/DEBUG ( 56): #03 pc 00012e5b /system/lib/libpixelflinger.so (android::Assembly::Assembly(unsigned int)+22)
I/DEBUG ( 56): #04 pc 0000f5f4 /system/lib/libpixelflinger.so
I/DEBUG ( 56): #05 pc 0000f7b8 /system/lib/libpixelflinger.so (android::ggl_pick_scanline(android::context_t*)+8)
I/DEBUG ( 56): #06 pc 0000a4d8 /system/lib/libpixelflinger.so (android::ggl_pick(android::context_t*)+780)
I/DEBUG ( 56): #07 pc 0000b9f4 /system/lib/libpixelflinger.so
I/DEBUG ( 56): #08 pc 0000b200 /system/lib/egl/libGLES_android.so
I/DEBUG ( 56): #09 pc 00003b84 /system/lib/egl/libGLES_android.so
I/DEBUG ( 56): #10 pc 0000535c /system/lib/egl/libGLES_android.so (glDrawArrays+184)
I/DEBUG ( 56): #11 pc 0002149f /system/lib/libsurfaceflinger.so
I/DEBUG ( 56): #12 pc 00013cab /system/lib/libsurfaceflinger.so
I/DEBUG ( 56): #13 pc 000154ef /system/lib/libsurfaceflinger.so
I/DEBUG ( 56): #14 pc 0001398d /system/lib/libsurfaceflinger.so
I/DEBUG ( 56): #15 pc 00016e47 /system/lib/libsurfaceflinger.so
I/DEBUG ( 56): #16 pc 00016f1b /system/lib/libsurfaceflinger.so
I/DEBUG ( 56): #17 pc 0001942d /system/lib/libsurfaceflinger.so
I/DEBUG ( 56): #18 pc 000195c9 /system/lib/libsurfaceflinger.so
I/DEBUG ( 56): #19 pc 0001a499 /system/lib/libsurfaceflinger.so
I/DEBUG ( 56): #20 pc 0000ec17 /system/lib/libutils.so (android::Looper::pollInner(int)+394)
I/DEBUG ( 56): #21 pc 0000ed19 /system/lib/libutils.so (android::Looper::pollOnce(int, int*, int*, void**)+92)
I/DEBUG ( 56): #22 pc 000158ed /system/lib/libsurfaceflinger.so
I/DEBUG ( 56): #23 pc 000166ff /system/lib/libsurfaceflinger.so (android::SurfaceFlinger::run()+6)
I/DEBUG ( 56): #24 pc 000008fd /system/bin/surfaceflinger
I/DEBUG ( 56): #25 pc 0000e23b /system/lib/libc.so (__libc_init+50)
I/DEBUG ( 56): #26 pc 000007dc /system/bin/surfaceflinger
I/DEBUG ( 56):
I/DEBUG ( 56): stack:
I/DEBUG ( 56): be9ba21800000000
I/DEBUG ( 56): be9ba21cb8c14c08 [heap]
I/DEBUG ( 56): be9ba22000000013
I/DEBUG ( 56): be9ba224be9ba230 [stack]
I/DEBUG ( 56): be9ba228b6706f4b /system/lib/hw/gralloc.default.so
I/DEBUG ( 56): be9ba22c00004601
I/DEBUG ( 56): be9ba230b67090d4 /system/lib/hw/gralloc.default.so
I/DEBUG ( 56): be9ba23403141592
I/DEBUG ( 56): be9ba23800000000
I/DEBUG ( 56): be9ba23c00000000
I/DEBUG ( 56): be9ba240be9ba288 [stack]
I/DEBUG ( 56): be9ba244b6d02eb3 /system/lib/libui.so (android::Fence::waitForever(char const*)+106)
I/DEBUG ( 56): be9ba24800000028
I/DEBUG ( 56): be9ba24c00100000
I/DEBUG ( 56): be9ba25000000000
I/DEBUG ( 56): be9ba25400000000
I/DEBUG ( 56): #00 be9ba25800000010
I/DEBUG ( 56): be9ba25c00000008
I/DEBUG ( 56): be9ba26000100000
I/DEBUG ( 56): be9ba264ffffffff
I/DEBUG ( 56): be9ba26800000010
I/DEBUG ( 56): be9ba26cb677771d /system/lib/libpixelflinger.so (create_mspace_with_base+72)
I/DEBUG ( 56): #01 be9ba27000000007
I/DEBUG ( 56): be9ba27400000000
I/DEBUG ( 56): be9ba278b67864cc /system/lib/libpixelflinger.so
I/DEBUG ( 56): be9ba27c0000001a
I/DEBUG ( 56): be9ba280be9ba2cc [stack]
I/DEBUG ( 56): be9ba284b6778d59 /system/lib/libpixelflinger.so
I/DEBUG ( 56): #02 be9ba2880000001a
I/DEBUG ( 56): be9ba28c00000000
I/DEBUG ( 56): be9ba290b8c28d78 [heap]
I/DEBUG ( 56): be9ba29400000800
I/DEBUG ( 56): be9ba298be9ba2dc [stack]
I/DEBUG ( 56): be9ba29cb6778e5f /system/lib/libpixelflinger.so (android::Assembly::Assembly(unsigned int)+26)
I/DEBUG ( 56):
I/DEBUG ( 56): memory near r8:
I/DEBUG ( 56): b8c28d58000000000000001b0000000300000006
I/DEBUG ( 56): b8c28d68b8c2cb1000000000000000000000002b
I/DEBUG ( 56): b8c28d78b6785c4000000001b8c2afc000000000
I/DEBUG ( 56): b8c28d88b8c2b2f8b6e3a9b000000000b6e3a9b0
I/DEBUG ( 56): b8c28d980000002800000023b6cf4b3cb6cf4b64
I/DEBUG ( 56): b8c28da80000000000000000b6cf4bc4b8c28dc0
I/DEBUG ( 56): b8c28db8000000000000001b0000000100000001
I/DEBUG ( 56): b8c28dc8b8c28db000000000000000180000128b
I/DEBUG ( 56): b8c28dd8b6eefdb400000000b6d07d40b8c1f810
I/DEBUG ( 56): b8c28de8000000010000000700000010b6d07d40
I/DEBUG ( 56): b8c28df8b8c300d8000000010000000700000010
I/DEBUG ( 56): b8c28e08b6d07d40b8c1f9980000000100000007
I/DEBUG ( 56): b8c28e180000001000000005b8c15450b8c2a600
I/DEBUG ( 56): b8c28e28b8c2a0600000000600000001b8c20da0
I/DEBUG ( 56): b8c28e3800000000000000010000000000000140
I/DEBUG ( 56): b8c28e48000001e00000000000000000ffffffff
I/DEBUG ( 56):
I/DEBUG ( 56): memory near r9:
I/DEBUG ( 56): b6785f24b6785760b6778f09b6eaa35cb6785a50
I/DEBUG ( 56): b6785f34b67859e0b6785998b6785bc8b6ea6150
I/DEBUG ( 56): b6785f44000000000000000000000000b6e84d51
I/DEBUG ( 56): b6785f54b6e84c5db6e96830b6e6aaf1b6e6aadd
I/DEBUG ( 56): b6785f64b6e7dd28b6e7f1c0b6e968f8b6e72d83
I/DEBUG ( 56): b6785f74b6ebf3e8b6ec2755b6e7ea00b6e5a917
I/DEBUG ( 56): b6785f84b6e7ee5cb6ebf404b6e5a909b6e9667f
I/DEBUG ( 56): b6785f94b6e5a921b6ec2811b6e6edbdb6e7f84c
I/DEBUG ( 56): b6785fa4b6e8250db6762129b6ec1be5b6e87c59
I/DEBUG ( 56): b6785fb4b6e70bb5b6e7e6d0b6e817b1b6e71311
I/DEBUG ( 56): b6785fc4b6e81aedb6ec17b9b6e6fb25b6e702dd
I/DEBUG ( 56): b6785fd4b6e7d220b6ebf4ccb6ebf4e8b6e6bb38
I/DEBUG ( 56): b6785fe4b6e6b6c0b6e6b7bcb6e6b4a4b6e7e6ac
I/DEBUG ( 56): b6785ff4b6e7f7b5b6e969d4b6e6ab19b6786000
I/DEBUG ( 56): b6786004035151040000007700000a0100000000
I/DEBUG ( 56): b6786014ffffffffffffffffffffffff0000003f
I/DEBUG ( 56):
I/DEBUG ( 56): memory near sl:
I/DEBUG ( 56): b8c17fa0000100000000000100000000b8c1e1e0
I/DEBUG ( 56): b8c17fb0b8c1e1e0000030380000304000000001
I/DEBUG ( 56): b8c17fc0b6771af0b6771a8cb6771a44b67719e0
I/DEBUG ( 56): b8c17fd0b6770994b677076cb67708e0b6770bfc
I/DEBUG ( 56): b8c17fe0b67708c8b6770c90b67708d4b6770bf4
I/DEBUG ( 56): b8c17ff0b6770becb6770be0b6771028b6770570
I/DEBUG ( 56): b8c18000b67705a4b6770618b6770638b6770654
I/DEBUG ( 56): b8c18010b6770670b6770850b6770810b6770efc
I/DEBUG ( 56): b8c18020b6770f68b6770df8b677073cb6770714
I/DEBUG ( 56): b8c18030b67706ccb6770d94b67707d4b67707b4
I/DEBUG ( 56): b8c18040b677079cb6770d34b6770cf4b6770cb4
I/DEBUG ( 56): b8c18050b677ff4fb678007bb678005fb677febd
I/DEBUG ( 56): b8c18060b6780115b67800fdb678010700000000
I/DEBUG ( 56): b8c1807000000140000001e000000140b66bb000
I/DEBUG ( 56): b8c18080000000040000000000000000b67803c9
I/DEBUG ( 56): b8c18090b67805890000000000000140000001e0
I/DEBUG ( 56):
I/DEBUG ( 56): memory near fp:
I/DEBUG ( 56): be9ba3e001e000000140000001e0000000000000
I/DEBUG ( 56): be9ba3f00000000000000000b8c19400b8c19380
I/DEBUG ( 56): be9ba400b8c19300b8c17fc000002601be9ba438
I/DEBUG ( 56): be9ba4100000000000000be200000000be9ba448
I/DEBUG ( 56): be9ba42000002101b67757bcb8c17fc0b67704dc
I/DEBUG ( 56): be9ba430b8c19300b8c182a00351510400000077
I/DEBUG ( 56): be9ba4400000800100000000b8c19380b8c17fc0
I/DEBUG ( 56): be9ba450b8c19430b8c193b0b8c19330b8c19480
I/DEBUG ( 56): be9ba460b67927f00000000000000000b67719f8
I/DEBUG ( 56): be9ba470b8c19430b8c17fc0b8c19400b8c19380
I/DEBUG ( 56): be9ba480b8c19300b6792204b8c19400b8c19400
I/DEBUG ( 56): be9ba49000000002b8c17fc000000002b678ab88
I/DEBUG ( 56): be9ba4a00000000000000004b8c19300b8c19380
I/DEBUG ( 56): be9ba4b0b674f004b8c17fc00000000600000004
I/DEBUG ( 56): be9ba4c00000000000000001b8c1bfd800000001
I/DEBUG ( 56): be9ba4d0b8c1d12cb678c36000000000b8c20c7c
I/DEBUG ( 56):
I/DEBUG ( 56): memory near sp:
I/DEBUG ( 56): be9ba2380000000000000000be9ba288b6d02eb3
I/DEBUG ( 56): be9ba24800000028001000000000000000000000
I/DEBUG ( 56): be9ba258000000100000000800100000ffffffff
I/DEBUG ( 56): be9ba26800000010b677771d0000000700000000
I/DEBUG ( 56): be9ba278b67864cc0000001abe9ba2ccb6778d59
I/DEBUG ( 56): be9ba2880000001a00000000b8c28d7800000800
I/DEBUG ( 56): be9ba298be9ba2dcb6778e5fb8c28d7800000800
I/DEBUG ( 56): be9ba2a800008001b8c182a0b6785768b67755f8
I/DEBUG ( 56): be9ba2b800000023b6785f440000000000000000
I/DEBUG ( 56): be9ba2c8415b2ba7035151040000007700008001
I/DEBUG ( 56): be9ba2d800000000035151040000007700008001
I/DEBUG ( 56): be9ba2e800000000b67857680351510400000077
I/DEBUG ( 56): be9ba2f800008001000000000000000000000000
I/DEBUG ( 56): be9ba308000000000000000000000140000001e0
I/DEBUG ( 56): be9ba31800000000000000000000000000000000
I/DEBUG ( 56): be9ba328b8c1e2f0b8c14c0800000000b6ce00a3
I/DEBUG ( 56):
I/DEBUG ( 56): code around pc:
I/DEBUG ( 56): b6e7f210e1a07001e2603000e213301c0a000008
I/DEBUG ( 56): b6e7f220e15300028202301ce0422003e1b03e03
I/DEBUG ( 56): b6e7f23028a0400228a0400248a04002e1b03103
I/DEBUG ( 56): b6e7f24024801004e2522020e1a030014a000002
I/DEBUG ( 56): b6e7f250e2522020e8a050fa2afffffce2822020
I/DEBUG ( 56): b6e7f260e1b02e0228a0500a48a04002e1b02102
I/DEBUG ( 56): b6e7f2702480100440c010b2e1b0210225c01000
I/DEBUG ( 56): b6e7f280e8bd40f1e12fff1ef5d0f000f5d1f000
I/DEBUG ( 56): b6e7f290e0202001e31200031a000023e2102003
I/DEBUG ( 56): b6e7f2a0e3c00003e3c11003e490c00404913004
I/DEBUG ( 56): b6e7f2b00a000006e2222003e1a02182e3e034ff
I/DEBUG ( 56): b6e7f2c0e1a02233e4913004e18cc002e1833002
I/DEBUG ( 56): b6e7f2d0e52d4004e3a04001e1844404e1844804
I/DEBUG ( 56): b6e7f2e0f5d0f008f5d1f008e04c2004e15c0003
I/DEBUG ( 56): b6e7f2f001c2200c011203840490c00404913004
I/DEBUG ( 56): b6e7f3000afffff6e1a00c0ce1a0c42ce3500001
I/DEBUG ( 56):
I/DEBUG ( 56): code around lr:
I/DEBUG ( 56): 00000000ffffffffffffffffffffffffffffffff
I/DEBUG ( 56): 00000010ffffffffffffffffffffffffffffffff
I/DEBUG ( 56): 00000020ffffffffffffffffffffffffffffffff
I/DEBUG ( 56): 00000030ffffffffffffffffffffffffffffffff
I/DEBUG ( 56): 00000040ffffffffffffffffffffffffffffffff
I/DEBUG ( 56): 00000050ffffffffffffffffffffffffffffffff
I/DEBUG ( 56): 00000060ffffffffffffffffffffffffffffffff
I/DEBUG ( 56): 00000070ffffffffffffffffffffffffffffffff
I/DEBUG ( 56): 00000080ffffffffffffffffffffffffffffffff
I/DEBUG ( 56): 00000090ffffffffffffffffffffffffffffffff
I/DEBUG ( 56): 000000a0ffffffffffffffffffffffffffffffff
I/DEBUG ( 56): 000000b0ffffffffffffffffffffffffffffffff
I/DEBUG ( 56): 000000c0ffffffffffffffffffffffffffffffff
I/DEBUG ( 56): 000000d0ffffffffffffffffffffffffffffffff
I/DEBUG ( 56): 000000e0ffffffffffffffffffffffffffffffff
I/DEBUG ( 56): 000000f0ffffffffffffffffffffffffffffffff

Change-Id: I50ac41f7a00acad868c6a9d2467b88a43a9b3ba7
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

  • Participants
  • Parent commits d65a022
  • Branches seandroid, seandroid-4.3 1
    1. seandroid-4.4

Comments (0)

Files changed (1)

surfaceflinger.te

 init_daemon_domain(surfaceflinger)
 typeattribute surfaceflinger mlstrustedsubject;
 
+# mprotect RWX
+allow surfaceflinger self:process execmem;
+
 # Talk to init over the property socket.
 unix_socket_connect(surfaceflinger, property, init)