Diffstat (limited to 'debuggerd.te')
-rw-r--r--debuggerd.te9
1 files changed, 8 insertions, 1 deletions
diff --git a/debuggerd.te b/debuggerd.te
index 16f4cbe..4f84813 100644
--- a/debuggerd.te
+++ b/debuggerd.te
@@ -9,7 +9,7 @@ allow debuggerd self:capability2 { syslog };
allow debuggerd domain:dir r_dir_perms;
allow debuggerd domain:file r_file_perms;
allow debuggerd domain:lnk_file read;
-allow debuggerd { domain -init -ueventd -watchdogd -healthd -adbd -keystore }:process ptrace;
+allow debuggerd { domain -init -ueventd -watchdogd -healthd -adbd -keystore }:process { ptrace getattr };
security_access_policy(debuggerd)
allow debuggerd system_data_file:dir create_dir_perms;
allow debuggerd system_data_file:dir relabelfrom;
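Review bot: The rule on the `:process { ptrace getattr }` line gains `getattr` with no comment saying why debuggerd needs it, and the new permission inherits the ptrace exclusion set (`-init -ueventd -watchdogd -healthd -adbd -keystore`) although reading process attributes is far less sensitive than attaching to a process. If the permission exists so debuggerd can read the target's security context for the dump_backtrace check (inferred from the rest of the commit, not shown in this hunk), say so above the rule, e.g. `# getattr: read the target's security context for the dump_backtrace access check.` It is also worth confirming that a failed context lookup on one of the excluded domains makes the request fail closed rather than skip the check.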
@@ -22,6 +22,10 @@ allow debuggerd domain:process { sigstop signal };
allow debuggerd exec_type:file r_file_perms;
# Access app library
allow debuggerd system_data_file:file open;
+# Allow debuggerd to redirect a dump_backtrace request to itself.
+# This only happens on 64 bit systems, where all requests go to the 64 bit
+# debuggerd and get redirected to the 32 bit debuggerd if the process is 32 bit.
+allow debuggerd { drmserver mediaserver sdcardd surfaceflinger inputflinger }:debuggerd dump_backtrace;
# Connect to system_server via /data/system/ndebugsocket.
unix_socket_connect(debuggerd, system_ndebug, system_server)
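Review bot: After a redirect the 32 bit debuggerd sees debuggerd, not the original requester, as the source of the dump_backtrace check, so the `allow debuggerd { drmserver mediaserver sdcardd surfaceflinger inputflinger }:debuggerd dump_backtrace;` rule is only safe if the 64 bit debuggerd has already checked the original requester against the target before forwarding. That check lives in the daemon and is not visible in this policy hunk, so the comment should record the dependency, e.g. `# The 64 bit debuggerd must check the original requester before redirecting; this rule is evaluated with debuggerd as the source.` The five target domains are hard-coded, presumably to match the services that run as 32 bit processes. The list will need to be kept in step with whichever rules grant dump_backtrace to real requesters.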
@@ -33,3 +37,6 @@ userdebug_or_eng(`
# logd access
read_logd(debuggerd)
+
+# Check SELinux permissions.
+selinux_check_access(debuggerd)
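Review bot: The comment `# Check SELinux permissions.` restates the macro name and does not say what is being checked or on whose behalf. A comment such as `# Let debuggerd query the policy to decide whether a requester may dump_backtrace the target.` would tie it to the new permission (purpose inferred from the rest of the commit). The macro's expansion is not on this page, so it is worth confirming that everything it grants is needed, since this domain already holds ptrace over most of the system. The hunk header shows `userdebug_or_eng(` as context and indentation is lost in this rendering, so please confirm the new lines sit outside that block and the check also works on user builds.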