Fix use of valgrind via app wrapping

On userdebug / eng builds, Android supports the concept of app wrapping.
You can run an app wrapped by another process. This is traditionally used
to run valgrind on apps, looking for memory leaks and other problems.

App wrapping is enabled by running the following command:

  adb shell setprop wrap.com.android.foo "TMPDIR=/data/data/com.android.foo logwrapper valgrind"

Valgrind attempts to mmap exec /system/bin/app_process, which is being denied
by SELinux. Allow app_process exec.

Addresses the following denial:

  <4>[   82.643790] type=1400 audit(16301075.079:26): avc:  denied  { execute } for  pid=1519 comm="memcheck-arm-li" path="/system/bin/app_process32" dev="mmcblk0p25" ino=61 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file

Bug: 15146424

Change-Id: I65394938c53da9252ea57856d9f2de465bb30c25
Nick Kralevich 2014-05-22 15:00:25 -07:00
parent f007d03628
commit 4fce0ef97c

app.te

@ -15,7 +15,8 @@ allow appdomain ashmem_device:chr_file execute;
allow appdomain zygote:fd use;
# gdbserver for ndk-gdb reads the zygote.
allow appdomain zygote_exec:file r_file_perms;
# valgrind needs mmap exec for zygote
allow appdomain zygote_exec:file rx_file_perms;
# gdbserver for ndk-gdb ptrace attaches to app process.
allow appdomain self:process ptrace;
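
Review bot: the new `allow appdomain zygote_exec:file rx_file_perms;` rule grants more than the quoted denial needs, and it applies on every build type. The denial is for `{ execute }` only (valgrind mapping app_process with exec permission), while rx_file_perms also carries execute_no_trans, which lets every app domain exec app_process directly without a domain transition. Consider adding only `execute` on top of the existing r_file_perms rule. Since the commit message says app wrapping exists only on userdebug / eng builds, the rule could also sit inside a userdebug_or_eng block so that user builds keep the read-only access. The new comment would be easier to trace later if it mentioned the wrap.<package> property as the reason for the rule.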