Allow system watchdog to collect traces from vold.

We're investigating a bug where vold gets wedged, and we need to
collect ANR stack traces from it to debug further.

avc: denied { signal } for comm="watchdog" scontext=u:r:system_server:s0 tcontext=u:r:vold:s0 tclass=process permissive=0
avc: denied { ptrace } for scontext=u:r:crash_dump:s0 tcontext=u:r:vold:s0 tclass=process permissive=0

Bug: 122090837
Test: manual
Change-Id: I738e63717715189b9ae2317472f671e3563afaa9
Jeff Sharkey 2019-02-05 14:39:02 -07:00
parent b398160f72
commit d101896ec8
2 changed files with 3 additions and 1 deletions


@ -15,7 +15,7 @@ allow crash_dump {
-vold
}:process { ptrace signal sigchld sigstop sigkill };
userdebug_or_eng(`
allow crash_dump { llkd logd }:process { ptrace signal sigchld sigstop sigkill };
allow crash_dump { llkd logd vold }:process { ptrace signal sigchld sigstop sigkill };
')
###
@ -37,6 +37,7 @@ neverallow crash_dump {
ueventd
vendor_init
vold
userdebug_or_eng(`-vold')
}:process { signal sigstop sigkill };
neverallow crash_dump self:process ptrace;
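Review bot: The new userdebug/eng rule in the first hunk gives crash_dump `ptrace` on vold without any comment saying the grant is temporary, even though vold is deliberately excluded (`-vold`) from the general crash_dump rule just above it. ptrace lets crash_dump read vold's memory, so dumps taken on these builds may contain storage key material (inferred from vold's role, not visible in the hunk) and should be handled accordingly. I would add above the rule `# TODO(b/122090837): temporary, to debug a wedged vold; remove vold here and from the neverallow exemption once resolved.` The same comment applies to the userdebug_or_eng exemption for vold added in the second hunk; both rules begin outside the visible lines.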


@ -276,6 +276,7 @@ allow system_server {
sdcardd
statsd
surfaceflinger
vold
# This list comes from HAL_INTERFACES_OF_INTEREST in
# frameworks/base/services/core/java/com/android/server/Watchdog.java.
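Review bot: `vold` is added to this system_server list unconditionally, while the matching crash_dump grant in the other file is made only inside `userdebug_or_eng`. If this list feeds the `signal` permission named in the commit message's denial (the end of the rule is outside the hunk), user builds would let system_server signal vold although crash_dump still cannot attach to it there, so the grant widens policy without producing a trace. Consider gating the entry the same way, ``userdebug_or_eng(`vold')``, or add a comment stating why user builds need it.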