diff options
Diffstat (limited to 'debuggerd.te')
-rw-r--r-- | debuggerd.te | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/debuggerd.te b/debuggerd.te index 16f4cbe..4f84813 100644 --- a/debuggerd.te +++ b/debuggerd.te @@ -9,7 +9,7 @@ allow debuggerd self:capability2 { syslog }; allow debuggerd domain:dir r_dir_perms; allow debuggerd domain:file r_file_perms; allow debuggerd domain:lnk_file read; -allow debuggerd { domain -init -ueventd -watchdogd -healthd -adbd -keystore }:process ptrace; +allow debuggerd { domain -init -ueventd -watchdogd -healthd -adbd -keystore }:process { ptrace getattr }; security_access_policy(debuggerd) allow debuggerd system_data_file:dir create_dir_perms; allow debuggerd system_data_file:dir relabelfrom; @@ -22,6 +22,10 @@ allow debuggerd domain:process { sigstop signal }; allow debuggerd exec_type:file r_file_perms; # Access app library allow debuggerd system_data_file:file open; +# Allow debuggerd to redirect a dump_backtrace request to itself. +# This only happens on 64 bit systems, where all requests go to the 64 bit +# debuggerd and get redirected to the 32 bit debuggerd if the process is 32 bit. +allow debuggerd { drmserver mediaserver sdcardd surfaceflinger inputflinger }:debuggerd dump_backtrace; # Connect to system_server via /data/system/ndebugsocket. unix_socket_connect(debuggerd, system_ndebug, system_server) @@ -33,3 +37,6 @@ userdebug_or_eng(` # logd access read_logd(debuggerd) + +# Check SELinux permissions. +selinux_check_access(debuggerd) |