Allowing incidentd to get stack traces from processes. am: 985db6d8dd
am: 5f98693a77
Change-Id: Iaeaaeb8195e2ffcbf148b1764d57d4e1c7da6f4f
This commit is contained in:
commit
49733255fb
7 changed files with 49 additions and 13 deletions
|
@ -9,6 +9,7 @@ neverallow {
|
|||
domain
|
||||
-vold
|
||||
-dumpstate
|
||||
userdebug_or_eng(`-incidentd')
|
||||
-storaged
|
||||
-system_server
|
||||
userdebug_or_eng(`-perfprofd')
|
||||
|
|
|
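Review bot: The new exemption `userdebug_or_eng(`-incidentd')` on the fourth line of the hunk carries no comment saying why incidentd is exempted only on userdebug/eng builds while its neighbours -vold, -dumpstate, -storaged and -system_server are exempted unconditionally; the neverallow's target class and permissions lie outside the hunk, so which check is being relaxed cannot be confirmed here. If, as the exempted set suggests, this is the sys_ptrace allow-list, the gating must stay in step with the userdebug_or_eng-wrapped sys_ptrace grant added to incidentd.te in this same change. A one-line comment above the exemption, e.g. `# incidentd: userdebug/eng only; keep in step with the gated grant in incidentd.te`, would keep the two build-gated lines from drifting apart.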
@ -46,32 +46,47 @@ userdebug_or_eng(`allow incidentd pstorefs:file r_file_perms');
|
|||
allow incidentd incident_data_file:dir rw_dir_perms;
|
||||
allow incidentd incident_data_file:file create_file_perms;
|
||||
|
||||
# Get process attributes
|
||||
# TODO allow incidentd domain:process getattr;
|
||||
# Enable incidentd to get stack traces.
|
||||
binder_use(incidentd)
|
||||
hwbinder_use(incidentd)
|
||||
allow incidentd hwservicemanager:hwservice_manager { list };
|
||||
get_prop(incidentd, hwservicemanager_prop)
|
||||
allow incidentd hidl_manager_hwservice:hwservice_manager { find };
|
||||
|
||||
# Read files in /proc
|
||||
allow incidentd {
|
||||
proc_cmdline
|
||||
proc_pipe_conf
|
||||
proc_stat
|
||||
}:file r_file_perms;
|
||||
|
||||
# Signal java processes to dump their stack and get the results
|
||||
# TODO allow incidentd { appdomain ephemeral_app system_server }:process signal;
|
||||
# TODO allow incidentd anr_data_file:dir create_dir_perms;
|
||||
# TODO allow incidentd anr_data_file:file create_file_perms;
|
||||
allow incidentd { appdomain ephemeral_app system_server }:process signal;
|
||||
|
||||
# Signal native processes to dump their stack.
|
||||
# This list comes from native_processes_to_dump in incidentd/utils.c
|
||||
allow incidentd {
|
||||
# This list comes from native_processes_to_dump in dumputils/dump_utils.cpp
|
||||
audioserver
|
||||
cameraserver
|
||||
drmserver
|
||||
inputflinger
|
||||
mediacodec
|
||||
mediadrmserver
|
||||
mediaextractor
|
||||
mediametrics
|
||||
mediaserver
|
||||
sdcardd
|
||||
statsd
|
||||
surfaceflinger
|
||||
|
||||
# This list comes from hal_interfaces_to_dump in dumputils/dump_utils.cpp
|
||||
hal_audio_server
|
||||
hal_bluetooth_server
|
||||
hal_camera_server
|
||||
hal_graphics_composer_server
|
||||
hal_sensors_server
|
||||
hal_vr_server
|
||||
mediacodec # TODO(b/36375899): hal_omx_server
|
||||
}:process signal;
|
||||
|
||||
# Allow incidentd to make binder calls to any binder service
|
||||
|
@ -79,7 +94,18 @@ binder_call(incidentd, system_server)
|
|||
binder_call(incidentd, appdomain)
|
||||
|
||||
# Reading /proc/PID/maps of other processes
|
||||
# TODO allow incidentd self:global_capability_class_set sys_ptrace;
|
||||
userdebug_or_eng(`allow incidentd self:global_capability_class_set { sys_ptrace }');
|
||||
# incidentd has capability sys_ptrace, but should only use that capability for
|
||||
# accessing sensitive /proc/PID files, never for using ptrace attach.
|
||||
neverallow incidentd *:process ptrace;
|
||||
|
||||
allow incidentd self:global_capability_class_set {
|
||||
# Send signals to processes
|
||||
kill
|
||||
};
|
||||
|
||||
# Connect to tombstoned to intercept dumps.
|
||||
unix_socket_connect(incidentd, tombstoned_intercept, tombstoned)
|
||||
|
||||
# Run a shell.
|
||||
allow incidentd shell_exec:file rx_file_perms;
|
||||
|
|
|
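Review bot: The comment `# incidentd has capability sys_ptrace, but should only use that capability for` in the second hunk states the capability unconditionally, while the grant two lines above it is wrapped in userdebug_or_eng, so on user builds the comment is misleading; change it to `# On userdebug/eng builds incidentd has capability sys_ptrace, but should only use it for`. The `neverallow incidentd *:process ptrace;` that follows is the right backstop for CAP_SYS_PTRACE and should stay unconditional as written. In the first hunk `allow incidentd { appdomain ephemeral_app system_server }:process signal;` is live yet the line `# TODO allow incidentd { appdomain ephemeral_app system_server }:process signal;` restating it is still present; if both survive on the new side the TODO should be dropped. ephemeral_app is redundant in that rule if it carries the appdomain attribute, which would also match dumpstate's parallel `allow dumpstate { appdomain system_server }:process signal;` shown in the dumpstate.te hunk header.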
@ -372,10 +372,11 @@ allow system_server anr_data_file:file create_file_perms;
|
|||
#
|
||||
# Allow system_server to connect and write to the tombstoned java trace socket in
|
||||
# order to dump its traces. Also allow the system server to write its traces to
|
||||
# dumpstate during bugreport capture.
|
||||
# dumpstate during bugreport capture and incidentd during incident collection.
|
||||
unix_socket_connect(system_server, tombstoned_java_trace, tombstoned)
|
||||
allow system_server tombstoned:fd use;
|
||||
allow system_server dumpstate:fifo_file append;
|
||||
allow system_server incidentd:fifo_file append;
|
||||
|
||||
# Read /data/misc/incidents - only read. The fd will be sent over binder,
|
||||
# with no DAC access to it, for dropbox to read.
|
||||
|
|
|
@ -150,6 +150,7 @@ allow appdomain anr_data_file:file { open append };
|
|||
unix_socket_connect(appdomain, tombstoned_java_trace, tombstoned)
|
||||
allow appdomain tombstoned:fd use;
|
||||
allow appdomain dumpstate:fifo_file append;
|
||||
allow appdomain incidentd:fifo_file append;
|
||||
|
||||
# Allow apps to send dump information to dumpstate
|
||||
allow appdomain dumpstate:fd use;
|
||||
|
@ -157,6 +158,10 @@ allow appdomain dumpstate:unix_stream_socket { read write getopt getattr shutdow
|
|||
allow appdomain dumpstate:fifo_file { write getattr };
|
||||
allow appdomain shell_data_file:file { write getattr };
|
||||
|
||||
# Allow apps to send dump information to incidentd
|
||||
allow appdomain incidentd:fd use;
|
||||
allow appdomain incidentd:fifo_file { write getattr };
|
||||
|
||||
# Write profiles /data/misc/profiles
|
||||
allow appdomain user_profile_data_file:dir { search write add_name };
|
||||
allow appdomain user_profile_data_file:file create_file_perms;
|
||||
|
|
|
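Review bot: The incidentd fifo_file permissions for appdomain are split across two rules under different headings, `allow appdomain incidentd:fifo_file append;` in the first hunk and `allow appdomain incidentd:fifo_file { write getattr };` in the second, so the effective set `{ append write getattr }` granted to every app is only visible by reading both. This mirrors the existing dumpstate pair, so it is a style point rather than a defect, but folding the new rules into one `allow appdomain incidentd:fifo_file { append write getattr };` next to `allow appdomain incidentd:fd use;` under the `# Allow apps to send dump information to incidentd` comment would make the grant auditable in one place.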
@ -1036,6 +1036,7 @@ neverallow {
|
|||
-tombstoned
|
||||
-crash_dump
|
||||
-dumpstate
|
||||
-incidentd
|
||||
-system_server
|
||||
|
||||
# Processes that can't exec crash_dump
|
||||
|
@ -1043,10 +1044,10 @@ neverallow {
|
|||
-mediaextractor
|
||||
} tombstoned_crash_socket:unix_stream_socket connectto;
|
||||
|
||||
# Never allow anyone except dumpstate or the system server to connect or write to
|
||||
# Never allow anyone except dumpstate, incidentd, or the system server to connect or write to
|
||||
# the tombstoned intercept socket.
|
||||
neverallow { domain -dumpstate -system_server } tombstoned_intercept_socket:sock_file write;
|
||||
neverallow { domain -dumpstate -system_server } tombstoned_intercept_socket:unix_stream_socket connectto;
|
||||
neverallow { domain -dumpstate -incidentd -system_server } tombstoned_intercept_socket:sock_file write;
|
||||
neverallow { domain -dumpstate -incidentd -system_server } tombstoned_intercept_socket:unix_stream_socket connectto;
|
||||
|
||||
# Android does not support System V IPCs.
|
||||
#
|
||||
|
|
|
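Review bot: The rewritten comment `# Never allow anyone except dumpstate, incidentd, or the system server to connect or write to` runs well past the width the surrounding comments keep and should be rewrapped, e.g. `# Never allow anyone except dumpstate, incidentd, or the system server to` followed by `# connect or write to the tombstoned intercept socket.` The `-incidentd` exemptions added to both tombstoned_intercept_socket neverallows are unconditional, which is consistent with the unconditional `unix_socket_connect(incidentd, tombstoned_intercept, tombstoned)` added in incidentd.te in this change. The neverallow in the first hunk also gains an unconditional `-incidentd`, but its target is outside the hunk, so that exemption cannot be checked against a matching allow here.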
@ -57,7 +57,7 @@ allow dumpstate { appdomain system_server }:process signal;
|
|||
|
||||
# Signal native processes to dump their stack.
|
||||
allow dumpstate {
|
||||
# This list comes from native_processes_to_dump in dumpstate/utils.c
|
||||
# This list comes from native_processes_to_dump in dumputils/dump_utils.c
|
||||
audioserver
|
||||
cameraserver
|
||||
drmserver
|
||||
|
@ -69,7 +69,7 @@ allow dumpstate {
|
|||
sdcardd
|
||||
surfaceflinger
|
||||
|
||||
# This list comes from hal_interfaces_to_dump in dumpstate/utils.c
|
||||
# This list comes from hal_interfaces_to_dump in dumputils/dump_utils.c
|
||||
hal_audio_server
|
||||
hal_bluetooth_server
|
||||
hal_camera_server
|
||||
|
|
|
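Review bot: The updated source references here, `# This list comes from native_processes_to_dump in dumputils/dump_utils.c` and `# This list comes from hal_interfaces_to_dump in dumputils/dump_utils.c`, disagree with the comments added to incidentd.te in this same change, which name `dumputils/dump_utils.cpp`. Only one path can be right, and these comments are the only link a reviewer has between the signal allow-list and the code that drives it, so both files should cite the same one. Both allow blocks begin and end outside their hunks.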
@ -499,8 +499,10 @@ userdebug_or_eng(`
|
|||
')
|
||||
allow $1 anr_data_file:file append;
|
||||
allow $1 dumpstate:fd use;
|
||||
allow $1 incidentd:fd use;
|
||||
# TODO: Figure out why write is needed.
|
||||
allow $1 dumpstate:fifo_file { append write };
|
||||
allow $1 incidentd:fifo_file { append write };
|
||||
allow $1 system_server:fifo_file { append write };
|
||||
allow $1 tombstoned:unix_stream_socket connectto;
|
||||
allow $1 tombstoned:fd use;
|
||||
|
|
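Review bot: `allow $1 incidentd:fifo_file { append write };` copies the dumpstate rule's `write` permission, together with the still-open `# TODO: Figure out why write is needed.` above it, into a new target domain before that question is answered; if `write` turns out to be needed only for dumpstate, the incidentd rule could be the narrower `allow $1 incidentd:fifo_file append;`. At minimum the TODO should state its widened scope, e.g. `# TODO: Figure out why write is needed (dumpstate, incidentd and system_server fifo rules below).` The enclosing macro definition starts outside the hunk.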