Fix ANR permission denial for AIDL HALs.
Recently, WatchDog gained the ability to query AIDL HAL PIDs in order to amend ANR reports. However, since this was tested on cuttlefish (and b/65201432 means that system_server is permissive), the denial was not enforced, and broke ANRs in the dogfood population. Fixes: 179753319 Test: simulate hanging w/ 'adb shell am hang', and the following denial no longer occurs: 02-10 00:50:05.719 200 200 E SELinux : avc: denied { list } for pid=575 uid=1000 name=service_manager scontext=u:r:system_server:s0 tcontext=u:r:servicemanager:s0 tclass=service_manager permissive=1 Change-Id: I210527ad7492b155d7cf08c7d67894ef602d37a6
This commit is contained in:
parent
ae73b479fc
commit
afb345c94b
1 changed files with 1 additions and 0 deletions
|
@ -292,6 +292,7 @@ unix_socket_connect(system_server, tombstoned_intercept, tombstoned)
|
|||
|
||||
# List HAL interfaces to get ANR traces.
|
||||
allow system_server hwservicemanager:hwservice_manager list;
|
||||
allow system_server servicemanager:service_manager list;
|
||||
|
||||
# Send signals to trigger ANR traces.
|
||||
allow system_server {
|
||||
|
|
Loading…
Reference in a new issue