Commit graph

166 commits

Author SHA1 Message Date
Kelvin Zhang
2b5f108143 Bundle proc_bootconfig permission into read_fstab
fs_mgr::ReadDefaultFstab calls fs_mgr:ReadFstabFromDt() which eventually
calls fs_mgr_get_boot_config_from_bootconfig_source to read boot config.
Therefore bundle permission to read proc_bootconfig. This resolves some
selinux denials for update_engine

Test: th
Change-Id: Ia8bd94eb33a38ccd939577b54910645fec4ccda8
2021-09-14 18:44:42 -07:00
Alan Stokes
39f497013c SEPolicy for compos_verify_key.
Remove some allow rules for odsign, since it no longer directly
modifies CompOs files. Instead allow it to run compos_verify_key in
its own domain.

Grant compos_verify_key what it needs to access the CompOs files and
start up the VM.

Currently we directly connect to the CompOs VM; that will change once
some in-flight CLs have landed.

As part of this I moved the virtualizationservice_use macro to
te_macros so I can use it here. I also expanded it to include
additional grants needed by any VM client that were previously done
for individual domains (and then deleted those rules as now
redundant).

I also removed the grant of VM access to all apps; instead we allow it
for untrusted apps, on userdebug or eng builds only. (Temporarily at
least.)

Bug: 193603140
Test: Manual - odsign successfully runs the VM at boot when needed.
Change-Id: I62f9ad8c7ea2fb9ef2d468331e26822d08e3c828
2021-09-03 16:31:02 +01:00
Kalesh Singh
d86bcd1dfd sepolicy: Update wakelock_use macro
Update wakelock_use macro to allow requesting wakelocks from system
supend AIDL hal.

Bug: 170260236
Test: boot; Check logcat for avc denials
Change-Id: I43b69cd39b3f1c858b3f0133ea317800b796fd9c
2021-07-21 00:03:36 +00:00
Janis Danisevskis
4678660d83 Rename vpnprofilestore to legacykeystore.
Bug: 191373871
Test: N/A
Merged-In: I3f11827909bd37a2127069de82670776a8e192b3
Change-Id: I3f11827909bd37a2127069de82670776a8e192b3
2021-06-30 12:40:39 -07:00
Yifan Hong
be04b091bb Allow binder services to r/w su:tcp_socket
Test: binderHostDeviceTest
Bug: 182914638
Change-Id: I1c8d3b2194bc20bd2bcde566190aa5c73d7e7db9
2021-06-08 10:39:02 -07:00
Hridya Valsaraju
a885dd84c7 Revert "Revert "Add a neverallow for debugfs mounting""
This reverts commit f9dbb72654.
Issues with GSI testing fixed with
https://android-review.googlesource.com/c/platform/build/+/1686425/

Bug: 184381659
Test: manual
Change-Id: Icd07430c606e294dfaad2fc9b37d34e3dae8cbfc
2021-05-02 21:41:53 -07:00
Hridya Valsaraju
f9dbb72654 Revert "Add a neverallow for debugfs mounting"
Revert submission 1668411

Reason for revert: Suspect for b/186173384
Reverted Changes:
Iaa4fce9f0:Check that tracefs files are labelled as tracefs_t...
I743a81489:Exclude vendor_modprobe from debugfs neverallow re...
I63a22402c:Add neverallows for debugfs access
I289f2d256:Add a neverallow for debugfs mounting

Change-Id: Ie04d7a4265ace43ba21a108af85f82ec137c6af0
2021-04-23 16:38:20 +00:00
Hridya Valsaraju
1c3d898d87 Add a neverallow for debugfs mounting
Android R launching devices and newer must not ship with debugfs
mounted. For Android S launching devices and newer, debugfs must only be
mounted in userdebug/eng builds by init(for boot time initializations)
and dumpstate(for grabbing debug information from debugfs). This patch
adds a neverallow statement that prevents processes other than init
from being provided access to mount debugfs in non-user builds
when the flag PRODUCT_SET_DEBUGFS_RESTRICTIONS is set to true.

Test: make with/without PRODUCT_SET_DEBUGFS_RESTRICTIONS
Bug: 184381659
Change-Id: I289f2d25662a78678929e29f83cb31cebd8ca737
2021-04-21 14:13:02 -07:00
Yi-Yo Chiang
806898db48 Split gsi_metadata_file and add gsi_metadata_file_type attribute
Split gsi_metadata_file into gsi_metadata_file plus
gsi_public_metadata_file, and add gsi_metadata_file_type attribute.
Files that are okay to be publicly readable are labeled with
gsi_public_metadata_file. Right now only files needed to infer the
device fstab belong to this label.
The difference between gsi_metadata_file and gsi_public_metadata_file is
that gsi_public_metadata_file has relaxed neverallow rules, so processes
who wish to read the fstab can add the respective allow rules to their
policy files.
Allow gsid to restorecon on gsi_metadata_file to fix the file context of
gsi_public_metadata_file.

Bug: 181110285
Test: Build pass
Test: Issue a DSU installation then verify no DSU related denials and
  files under /metadata/gsi/ are labeled correctly.
Change-Id: I54a5fe734dd345e28fd8c0874d5fceaf80ab8c11
2021-03-29 03:09:35 +00:00
Steven Moreland
4e306bf4cf s/hw// in hal_attribute_service documentation.
Some details here are copied from hal_attribute_hwservice but
no longer make sense here.

Bug: N/A
Test: N/A
Change-Id: Ia4a4d6731b5e5270922d32b7854d36bd726d202b
2021-03-22 22:21:52 +00:00
Lokesh Gidra
06edcd8250 Add SELinux policy for using userfaultfd
ART runtime will be using userfaultfd for a new heap compaction
algorithm. After enabling userfaultfd in android kernels (with SELinux
support), the feature needs policy that allows { create ioctl read }
operations on userfaultfd file descriptors.

Bug: 160737021
Test: Manually tested by exercising userfaultfd ops in ART
Change-Id: I9ccb7fa9c25f91915639302715f6197d42ef988e
2021-03-17 04:57:22 -07:00
Janis Danisevskis
291bc98a36 Keystore 2.0: Add policy for vpnprofilestore
Test: N/A
Change-Id: Iba6ca7be95dfcead8ce8ee17d6a6d78a5441d58f
2021-02-23 13:24:52 -08:00
Tianjie
c447b9b09c Make system server a client of boot control HAL
To support multi-client resume on reboot, the recovery system
service want to query the active boot slot on the next boot; and
abort the reboot if the active slot is different from clients'
expectation.

Denial:
SELinux : avc:  denied  { find } for interface=android.hardware.boot::IBootControl
sid=u:r:system_server:s0 pid=1700 scontext=u:r:system_server:s0
tcontext=u:object_r:hal_bootctl_hwservice:s0 tclass=hwservice_manager permissive=1

Bug: 173808057
Test: adb shell cmd recovery reboot-and-apply ota reason
Change-Id: I6a303d8dcbae89a2287d96ae3116109e2a43bbd6
2021-01-16 19:18:05 -08:00
Florian Mayer
a8a3d8b1bf Allow heapprofd central mode on user builds.
This simplifies operation by removing a special case for user builds.

Test: atest CtsPerfettoTestCases on user
Test: atest CtsPerfettoTestCases on userdebug
Test: atest perfetto_integrationtests on userdebug
Bug: 153139002
Change-Id: Ibbf3dd5e4f75c2a02d931f73b96fabb8157e0ebf
2021-01-11 17:19:02 +00:00
Janis Danisevskis
d5ad76b0c4 Add policy for the android protected confirmation service.
This is the service offered by Keystore 2.0 to provide APC service to
application. It was formerly part of the IKeystoreService interface.
Not it is an interface in ints own right.

Test: Keystore 2.0 can register the apc service interface.
      Apps can lookup and call this interface.
Bug: 159341464
Change-Id: I058adf0021d9b89f4eac7534e366c29071f0f98b
2020-12-10 10:58:11 -08:00
Inseob Kim
afc09932f6 Enforce sysprop owner
Every property should have an appropriate owner attribute, which can be
one of: system_property_type, product_property_type, or
vendor_property_type. This will be enforced for devices launching with S
or later. Devices launching with R or eariler can relax this by setting
following under BoardConfig.mk:

BUILD_BROKEN_ENFORCE_SYSPROP_OWNER := true

Bug: 131162102
Test: system/sepolicy/tools/build_policies.sh
Change-Id: I7914ef1b7463c9ec00812b9720094531fd63f0c7
2020-10-19 05:07:05 +00:00
Inseob Kim
574666cb4f Reland "Add vendor_property_type to vendor_default_prop"
This reverts commit 80d6227114.

Reason for revert: fixed build error

Bug: 131162102
Test: m selinux_policy sepolicy.recovery
Change-Id: Ic974f54acd3471bf7bf8c09d8392f2dd7a248f41
2020-10-14 20:54:05 +09:00
Jakub Pawlowski
80d6227114 Revert "Add vendor_property_type to vendor_default_prop"
This reverts commit d68d0ca0fc.

Reason for revert: broke build

Change-Id: I52905a143a31829d3825a2aa07bbf09b957240f0
2020-10-05 11:52:47 +00:00
Inseob Kim
d68d0ca0fc Add vendor_property_type to vendor_default_prop
Bug: 159097992
Test: m selinux_policy
Change-Id: Ic5fca5ff263584fe3e8b334003d671d706070cb8
2020-10-05 15:02:20 +09:00
Steven Moreland
82f7900341 Make AIDL HAL client attribute an exclusive client.
Like HIDL HALs, if we have a service which is allowed to access
hal_<foo>_service, we want that service to have the attribute
hal_<foo>_client.

Unlike HIDL HALs, some AIDL services are allowed to get ahold of all
HALs, so these have to be exempted from this check.

Fixes: 168152053
Test: neverallows pass
Change-Id: I4bce6d9441c2921c3ea40f2b01fef4030c02a28a
2020-09-11 00:02:00 +00:00
Florian Mayer
356b98d552 Refactor sepolicy to support central mode on user.
Functionally this is a no-op change.

Bug: 152976928
Change-Id: If4c0c6c74e60cc84f4adedfd430b385795cd15eb
2020-04-06 12:33:43 +00:00
Ryan Savitski
3baeb1ea80 perfetto: fix missing fd:use for producer-supplied shared memory
The previous attempt (aosp/1225417) had a missing piece: while we
allowed traced to use the shared memory, we haven't allowed it to use
the file descriptors in the producers' domains. Since the shared memory
is being transferred as an fd (obtained from memfd_create), the service
ends up hitting a denial (see below for an example).

We ended up missing the general case as we only tested with the shell
domain at the time, and traced is already allowed to use shell's fds for
other reasons.

To reiterate, the tracing service treats producers as inherently
untrusted/adversarial, so its implementation should never attempt to use
a file descriptor that isn't otherwise validated (such as checking seals
for the memfds).

Example denial from a chromium apk that is exercising this path:

traced  : type=1400 audit(0.0:80): avc: denied { use } for
path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429
dev="tmpfs" ino=151536 scontext=u:r:traced:s0
tcontext=u:r:untrusted_app_29:s0:c136,c256,c512,c768 tclass=fd
permissive=0

(deobfuscated path in the denial: /memfd:perfetto_shmem (deleted))

Tested: experimental chromium apk no longer crashes when trying to hand
        over shared memory to traced
Bug: 148841422
Change-Id: I7390fb174e2083ba7693c3160da44b4cfa7b1c8b
2020-03-11 22:12:09 +00:00
David Zeuthen
02bf814aa2 Add SELinux policy for credstore and update for IC HAL port from HIDL to AIDL.
The credstore service is a system service which backs the
android.security.identity.* Framework APIs. It essentially calls into
the Identity Credential HAL while providing persistent storage for
credentials.

Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: I5cd9a6ae810e764326355c0842e88c490f214c60
2020-02-19 13:46:45 -05:00
Treehugger Robot
429ce33777 Merge "perfetto: allow producers to supply shared memory" 2020-02-14 19:59:49 +00:00
Inseob Kim
33994bba81 Add macros for vendor_init writeonce properties
There are a lot of properties which is meant to be set once by
vendor_init. Most of them are configuration properties from vendor. This
introduces a macro to define such properties, which can help readability
and better security than using plain system_public_prop.

Bug: 148125056
Test: manual
Change-Id: I8b68e635d42119bafd1d22cba7957f583822ac7b
2020-02-07 03:03:43 +09:00
Ryan Savitski
21f6ae6a8a perfetto: allow producers to supply shared memory
This concerns the data transfer between an untrusted producer process,
and the tracing service (traced daemon). They communicate over a
combination of a unix socket and shared memory.

Normally, the service creates the shared memory region, and hands it off
to the producer process (see perfetto_producer() macro). This patch
allows for an alternative scheme, where the producer process is allowed
to create the shared memory region, which will then be adopted by the
tracing service. The service already inherently doesn't trust the
producer, so it'll validate that the shared memory is appropriately
sealed before using it.

The immediate use-case is chrome's go/perfetto-startup-tracing-v2. But
this mode has advantages (e.g. being able to write to the shared memory
before connecting) for other producer domains as well.

Bug: 148841422
Change-Id: I90f864b900958792553f0208f4a0041dbf2892cc
2020-02-04 13:47:42 +00:00
Ryan Savitski
67a82481f8 initial policy for traced_perf daemon (perf profiler)
The steps involved in setting up profiling and stack unwinding are
described in detail at go/perfetto-perf-android.

To summarize the interesting case: the daemon uses cpu-wide
perf_event_open, with userspace stack and register sampling on. For each
sample, it identifies whether the process is profileable, and obtains
the FDs for /proc/[pid]/{maps,mem} using a dedicated RT signal (with the
bionic signal handler handing over the FDs over a dedicated socket). It
then uses libunwindstack to unwind & symbolize the stacks, sending the
results to the central tracing daemon (traced).

This patch covers the app profiling use-cases. Splitting out the
"profile most things on debug builds" into a separate patch for easier
review.

Most of the exceptions in domain.te & coredomain.te come from the
"vendor_file_type" allow-rule. We want a subset of that (effectively all
libraries/executables), but I believe that in practice it's hard to use
just the specific subtypes, and we're better off allowing access to all
vendor_file_type files.

Bug: 137092007
Change-Id: I4aa482cfb3f9fb2fabf02e1dff92e2b5ce121a47
2020-01-22 22:04:01 +00:00
Ryan Savitski
ffa0dd93f3 perf_event: rules for system and simpleperf domain
This patch adds the necessary rules to support the existing usage of
perf_event_open by the system partition, which almost exclusively
concerns the simpleperf profiler. A new domain is introduced for some
(but not all) executions of the system image simpleperf. The following
configurations are supported:
* shell -> shell process (no domain transition)
* shell -> debuggable app (through shell -> runas -> runas_app)
* shell -> profileable app (through shell -> simpleperf_app_runner ->
                            untrusted_app -> simpleperf)
* debuggable/profile app -> self (through untrusted_app -> simpleperf)

simpleperf_app_runner still enters the untrusted_app domain immediately
before exec to properly inherit the categories related to MLS. My
understanding is that a direct transition would require modifying
external/selinux and seapp_contexts as with "fromRunAs", which seems
unnecessarily complex for this case.

runas_app can still run side-loaded binaries and use perf_event_open,
but it checks that the target app is exactly "debuggable"
(profileability is insufficient).

system-wide profiling is effectively constrained to "su" on debug
builds.

See go/perf-event-open-security for a more detailed explanation of the
scenarios covered here.

Tested: "atest CtsSimpleperfTestCases" on crosshatch-user/userdebug
Tested: manual simpleperf invocations on crosshatch-userdebug
Bug: 137092007
Change-Id: I2100929bae6d81f336f72eff4235fd5a78b94066
2020-01-15 16:56:41 +00:00
Jon Spivack
a2f0fdfddd Merge "binder_use: Allow servicemanager callbacks" 2019-12-23 20:04:33 +00:00
Jon Spivack
4b9114a0b5 binder_use: Allow servicemanager callbacks
In order for services registered with LazyServiceRegistrar to dynamically stop, servicemanager needs to be able to call into client processes (to notify them and trigger shutdown).

Bug: 143108344
Test: aidl_lazy_test
Change-Id: I402d0bcc5e668bf022162c7ce7393d5b77256479
2019-12-19 23:07:14 +00:00
Inseob Kim
b4baf73477 Fix vendor defining macros and neverallows
init and dumpstate should be able to access all properties, but they are
in coredomain, so neverallow rules for vendor properties should be
changed in order to avoid conflicts.

Bug: 145339613
Test: add vendor_internal_prop manually and build.
Change-Id: If582870f855e4444f8ac0d091696c0c7fd833791
2019-12-03 18:42:12 +09:00
Inseob Kim
a6d5d515c9 Fix BUILD_BROKEN documentation
BoardConfig.mk should be the file on which BUILD_BROKEN_* is assigned.

Bug: 131162102
Test: N/A
Change-Id: I511dd72075d7c539503ab0b24d897cf3aff51b5b
2019-10-17 19:29:39 +09:00
Florian Mayer
ede8b7e39d Merge "Allow Java domains to be Perfetto producers." 2019-10-16 12:37:09 +00:00
Inseob Kim
ed59c22ffc Add BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW
A new sysprop neverallow rules are mandatory only for devices launching
with R or later. For devices already launched, neverallow rules can be
relaxed with adding following line to BoardConfig.mk:

BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true

Bug: 131162102
Test: Set PRODUCT_SHIPPING_API_LEVEL := 30 and try building with
changing some system_public_prop to system_internal_prop
Test: m cts sepolicy_tests

Change-Id: Id978b4d81a8683a57304bb639961105e2d91fa9a
Merged-In: Id978b4d81a8683a57304bb639961105e2d91fa9a
(cherry picked from commit 3be11e7abb)
2019-10-15 09:25:57 +09:00
Florian Mayer
5e52281372 Allow Java domains to be Perfetto producers.
This is needed to get Java heap graphs.

Test: flash aosp; profile system_server with setenforce 1

Bug: 136210868

Change-Id: I87dffdf28d09e6ce5f706782422510c615521ab3
2019-10-10 10:40:26 +01:00
Inseob Kim
19b99f18c8 Add attributes for exported properties
This introduces some attributes that can be used to restrict access to
exported properties so that one can easily check from which the
properties can be accessed, and that OEMs can extend their own exported
properties.

Bug: 71814576
Bug: 131162102
Test: boot aosp_cf_x86_phone-userdebug
Test: logcat | grep "avc: "
Change-Id: I6f988ec1cb94fa64563ca6cb91b7702da5d604e3
2019-09-19 05:07:50 +00:00
Florian Mayer
19c96aa7a9 Merge "Allow heapprofd to write to /proc/$PID/page_idle." 2019-07-02 12:05:29 +00:00
Florian Mayer
d59250afae Allow heapprofd to write to /proc/$PID/page_idle.
Change-Id: Ic7d13ebfe7c26df14e23976b9329b6ba1b016498
2019-07-02 13:01:11 +01:00
Treehugger Robot
1eb45b5606 Merge "In native coverage builds, allow all domains to access /data/misc/trace" 2019-06-14 18:35:25 +00:00
Rick Yiu
1a94b30d9a Add macro for dumping hal debug info
Hal debug info could be dumped in user build by using this macro.

Bug: 134545528
Test: build pass
Change-Id: I650d69607c75b73e95efb3647de5dd03b86cb143
2019-06-14 15:37:59 +00:00
Pirama Arumuga Nainar
ce9c0c5a5f In native coverage builds, allow all domains to access /data/misc/trace
Bug: http://b/135139675

Coverage files are written to /data/misc/trace (governed by the
method_trace_data_file selinux type).  Allow all domains to access
(create directories, access files) this directory when native coverage
is enabled (by setting NATIVE_COVERAGE to true) in an userdebug or eng
build.

Also relax neverallow constraints to allow access to
method_trace_data_file for native coverage builds.

Test: Build 32-bit cuttlefish with coverage:
          m NATIVE_COVERAGE=true COVERAGE_PATHS="*"
      and verify that there are no selinux denials in kernel log and
      logcat.

Change-Id: I3fe7c77612854b9de7de7a0ddd5cbf44a2f5c21e
2019-06-14 08:31:51 -07:00
Florian Mayer
315d8bfa15 Allow profilable domains to use heapprofd fd and tmpfs.
This is needed to allow to communicate over shared memory.

Bug: 126724929

Change-Id: I73e69ae3679cd50124ab48121e259fd164176ed3
2019-03-04 12:05:35 +00:00
Tri Vo
a532088e7f Decouple system_suspend from hal attributes.
System suspend service is not a HAL, so avoid using HAL-specific macros
and attributes.

Use system_suspend_server attribute for ISystemSuspend.hal permissions.
Use system_suspend type directly for internal .aidl interface
permissions.

Bug: 126259100
Test: m selinux_policy
Test: blueline boots; wakelocks can still be acquired; device suspends
if left alone.
Change-Id: Ie811e7da46023705c93ff4d76d15709a56706714
2019-02-26 18:10:28 -08:00
Jeff Vander Stoep
9f5d0d90a3 Initial selinux policy support for memfd
Move all app tmpfs types to appdomain_tmpfs. These are still protected
by mls categories and DAC. TODO clean up other app tmpfs types in a
separate change.

Treble-ize tmpfs passing between graphics composer HAL and
surfaceflinger.

Bug: 122854450
Test: boot Blueline with memfd enabled.
Change-Id: Ib98aaba062f10972af6ae80fb85b7a0f60a32eee
2019-01-30 19:11:49 +00:00
Jeff Vander Stoep
41a2abfc0d Properly Treble-ize tmpfs access
This is being done in preparation for the migration from ashmem to
memfd. In order for tmpfs objects to be usable across the Treble
boundary, they need to be declared in public policy whereas, they're
currently all declared in private policy as part of the
tmpfs_domain() macro. Remove the type declaration from the
macro, and remove tmpfs_domain() from the init_daemon_domain() macro
to avoid having to declare the *_tmpfs types for all init launched
domains. tmpfs is mostly used by apps and the media frameworks.

Bug: 122854450
Test: Boot Taimen and blueline. Watch videos, make phone calls, browse
internet, send text, install angry birds...play angry birds, keep
playing angry birds...

Change-Id: I20a47d2bb22e61b16187015c7bc7ca10accf6358
Merged-In: I20a47d2bb22e61b16187015c7bc7ca10accf6358
(cherry picked from commit e16fb9109c)
2019-01-26 17:30:41 +00:00
Ryan Savitski
ca0690e8eb Allow heap profiling of certain app domains on user builds
This patch extends the current debug-specific rules to cover user
builds. As a reminder, on user, the target process fork-execs a private
heapprofd process, which then performs stack unwinding & talking to the
central tracing daemon while staying in the target's domain. The central
heapprofd daemon is only responsible for identifying targets & sending
the activation signal. On the other hand, on debug, the central
heapprofd can handle all processes directly, so the necessary SELinux
capabilities depend on the build type.

These rules are necessary but not sufficient for profiling. For zygote
children, the libc triggering logic will also check for the app to
either be debuggable, or go/profileable.

For more context, see go/heapprofd-security & go/heapprofd-design.

Note that I've had to split this into two separate macros, as
exec_no_trans - which is necessary on user, but nice-to-have on debug -
conflicts with a lot of neverallows (e.g. HALs and system_server) for
the wider whitelisting that we do on debug builds.

Test: built & flashed on {blueline-userdebug, blueline-user}, activated profiling of whitelisted/not domains & checked for lack of denials in logcat.
Bug: 120409382
Change-Id: Id0defc3105b99f777bcee2046d9894a2b39c6a29
2019-01-21 14:30:57 +00:00
Yabin Cui
770a4f6539 Add permissions in runas_app domain to debug/profile debuggable apps.
runas_app domain is used by lldb/ndk-gdb/simpleperf to debug/profile
debuggable apps. But it misses permissions to ptrace app processes and
read /proc/<app_pid> directory.

Bug: none
Test: build and boot marlin.
Test: run lldb and simpleperf on apps with target sdk version 24-29.
Change-Id: I9e6f940ec81a8285eae8db3b77fb1251a25dedd0
2019-01-09 17:24:31 +00:00
Florian Mayer
45f4847c21 Add userdebug selinux config for heapprofd.
Test: m
Test: flash sailfish
Test: profile system_server

Change-Id: I577793af655146ee91be86bb286fcf9d6e6d081d
2018-11-14 09:22:07 +00:00
Nick Kralevich
0e79107309 property files: remove ioctl and lock
They are unneeded.

Test: device boots and no obvious problems.
Change-Id: Ib788a89645c893c8c36acbe7fb34ce93bf6a57d7
2018-10-10 09:02:12 -07:00
Mark Salyzyn
275ea12d84 llkd: Add stack symbol checking
llkd needs the ptrace capabilities and dac override to monitor for
live lock conditions on the stack dumps.

Test: compile
Bug: 33808187
Change-Id: Ibc1e4cc10395fa9685c4ef0ca214daf212a5e126
2018-09-04 17:02:30 +00:00