diff options
| author | Nick Kralevich <nnk@google.com> | 2014-02-05 16:36:25 -0800 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2014-02-18 15:00:40 -0800 |
| commit | 116a20fdb6d9033e82e0c2fd421e054cfbc8c3b3 (patch) | |
| tree | dbfea5f6675e1f9f7a475f40e350915ff4df0942 /property.te | |
| parent | ba3f9b81da92638e0c99dabc6dc66c493ff56614 (diff) | |
| download | android_external_sepolicy-116a20fdb6d9033e82e0c2fd421e054cfbc8c3b3.tar.gz android_external_sepolicy-116a20fdb6d9033e82e0c2fd421e054cfbc8c3b3.tar.bz2 android_external_sepolicy-116a20fdb6d9033e82e0c2fd421e054cfbc8c3b3.zip | |
debuggerd: Allow "debug.db.uid" usage
Allow the use of debug.db.uid on userdebug / eng builds.
Setting this property allows debuggerd to suspend a process
if it detects a crash.
Make debug.db.uid only accessible to the su domain. This should
not be used on a user build.
Only support reading user input on userdebug / eng builds.
Steps to reproduce with the "crasher" program:
adb root
adb shell setprop debug.db.uid 20000
mmm system/core/debuggerd
adb sync
adb shell crasher
Addresses the following denials:
<5>[ 580.637442] type=1400 audit(1392412124.612:149): avc: denied { read } for pid=182 comm="debuggerd" name="input" dev="tmpfs" ino=5665 scontext=u:r:debuggerd:s0 tcontext=u:object_r:input_device:s0 tclass=dir
<5>[ 580.637589] type=1400 audit(1392412124.612:150): avc: denied { open } for pid=182 comm="debuggerd" name="input" dev="tmpfs" ino=5665 scontext=u:r:debuggerd:s0 tcontext=u:object_r:input_device:s0 tclass=dir
<5>[ 580.637706] type=1400 audit(1392412124.612:151): avc: denied { read write } for pid=182 comm="debuggerd" name="event5" dev="tmpfs" ino=6723 scontext=u:r:debuggerd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file
<5>[ 580.637823] type=1400 audit(1392412124.612:152): avc: denied { open } for pid=182 comm="debuggerd" name="event5" dev="tmpfs" ino=6723 scontext=u:r:debuggerd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file
<5>[ 580.637958] type=1400 audit(1392412124.612:153): avc: denied { ioctl } for pid=182 comm="debuggerd" path="/dev/input/event5" dev="tmpfs" ino=6723 scontext=u:r:debuggerd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file
Bug: 12532622
Change-Id: I63486edb73efb1ca12e9eb1994ac9e389251a3f1
Diffstat (limited to 'property.te')
| -rw-r--r-- | property.te | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/property.te b/property.te index 55888d1..9c6233c 100644 --- a/property.te +++ b/property.te @@ -1,6 +1,7 @@ type default_prop, property_type; type shell_prop, property_type; type debug_prop, property_type; +type debuggerd_prop, property_type; type radio_prop, property_type; type system_prop, property_type; type vold_prop, property_type; |