116a20fdb6
Allow the use of debug.db.uid on userdebug / eng builds. Setting this property allows debuggerd to suspend a process if it detects a crash. Make debug.db.uid only accessible to the su domain. This should not be used on a user build. Only support reading user input on userdebug / eng builds. Steps to reproduce with the "crasher" program: adb root adb shell setprop debug.db.uid 20000 mmm system/core/debuggerd adb sync adb shell crasher Addresses the following denials: <5>[ 580.637442] type=1400 audit(1392412124.612:149): avc: denied { read } for pid=182 comm="debuggerd" name="input" dev="tmpfs" ino=5665 scontext=u:r:debuggerd:s0 tcontext=u:object_r:input_device:s0 tclass=dir <5>[ 580.637589] type=1400 audit(1392412124.612:150): avc: denied { open } for pid=182 comm="debuggerd" name="input" dev="tmpfs" ino=5665 scontext=u:r:debuggerd:s0 tcontext=u:object_r:input_device:s0 tclass=dir <5>[ 580.637706] type=1400 audit(1392412124.612:151): avc: denied { read write } for pid=182 comm="debuggerd" name="event5" dev="tmpfs" ino=6723 scontext=u:r:debuggerd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file <5>[ 580.637823] type=1400 audit(1392412124.612:152): avc: denied { open } for pid=182 comm="debuggerd" name="event5" dev="tmpfs" ino=6723 scontext=u:r:debuggerd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file <5>[ 580.637958] type=1400 audit(1392412124.612:153): avc: denied { ioctl } for pid=182 comm="debuggerd" path="/dev/input/event5" dev="tmpfs" ino=6723 scontext=u:r:debuggerd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file Bug: 12532622 Change-Id: I63486edb73efb1ca12e9eb1994ac9e389251a3f1
##########################
# property service keys
#
# Each entry pairs a property name, or a name prefix ending in '.', with the
# SELinux security context assigned to the properties it matches.
# NOTE(review): the catch-all '*' entry sits mid-file with narrower entries
# after it, so matching is presumably by most specific prefix rather than by
# file order -- confirm against the property service's matcher before
# relying on the position of an entry.
#
# Radio / telephony keys, all labelled radio_prop. The net.* names here are
# narrower than the generic net. entry further down.
net.rmnet0 u:object_r:radio_prop:s0
net.gprs u:object_r:radio_prop:s0
net.ppp u:object_r:radio_prop:s0
net.qmi u:object_r:radio_prop:s0
net.lte u:object_r:radio_prop:s0
net.cdma u:object_r:radio_prop:s0
gsm. u:object_r:radio_prop:s0
persist.radio u:object_r:radio_prop:s0
net.dns u:object_r:radio_prop:s0
# NOTE(review): by name this is a USB configuration key, yet it shares the
# radio_prop label, so whichever domains policy allows to set radio_prop can
# presumably set it as well -- confirm this is intended.
sys.usb.config u:object_r:radio_prop:s0

ril. u:object_r:rild_prop:s0

# Broad prefixes labelled system_prop. sys.powerctl and bluetooth. carry
# their own types instead.
net. u:object_r:system_prop:s0
dev. u:object_r:system_prop:s0
runtime. u:object_r:system_prop:s0
hw. u:object_r:system_prop:s0
sys. u:object_r:system_prop:s0
# Dedicated type, separate from the broader sys. prefix above; presumably so
# that power-control requests can be granted independently of system_prop.
sys.powerctl u:object_r:powerctl_prop:s0
service. u:object_r:system_prop:s0
wlan. u:object_r:system_prop:s0
dhcp. u:object_r:system_prop:s0
bluetooth. u:object_r:bluetooth_prop:s0

# debug. is the general debugging namespace; debug.db. is carved out of it
# with its own type.
debug. u:object_r:debug_prop:s0
# debug.db.uid lets debuggerd suspend a process when it detects a crash. It is
# meant to be settable only by the su domain, on userdebug / eng builds, and
# should not be used on a user build.
# NOTE(review): the entry is the whole debug.db. prefix, so every property
# under it receives debuggerd_prop, not only debug.db.uid.
debug.db. u:object_r:debuggerd_prop:s0
log. u:object_r:shell_prop:s0
# NOTE(review): by name these two keys govern adbd running as root and adbd's
# TCP listener; they share shell_prop with log., so write access to
# shell_prop should be reviewed with them in mind.
service.adb.root u:object_r:shell_prop:s0
service.adb.tcp.port u:object_r:shell_prop:s0

# Persistent (persist.*) keys. persist.service.bdroid. is narrower than
# persist.service. and gets bluetooth_prop instead of system_prop.
persist.audio. u:object_r:audio_prop:s0
persist.sys. u:object_r:system_prop:s0
persist.service. u:object_r:system_prop:s0
persist.service.bdroid. u:object_r:bluetooth_prop:s0
persist.security. u:object_r:system_prop:s0

# mmac persistent properties
# Labelled security_prop, the same type as the selinux. keys below.
persist.mmac. u:object_r:security_prop:s0

# selinux non-persistent properties
selinux. u:object_r:security_prop:s0

# default property context
# Catch-all: any property without a more specific entry in this file gets
# default_prop. A newly introduced property therefore lands here until an
# entry is added for it, so keep the set of domains that may set default_prop
# small.
* u:object_r:default_prop:s0

# data partition encryption properties
vold. u:object_r:vold_prop:s0
crypto. u:object_r:vold_prop:s0

# ctl properties
# dumpstate and ril-daemon have dedicated types; every other ctl. key falls
# back to ctl_default_prop.
# NOTE(review): presumably the suffix is the name of the service being
# controlled -- confirm against init's control-property handling.
ctl.dumpstate u:object_r:ctl_dumpstate_prop:s0
ctl.ril-daemon u:object_r:ctl_rildaemon_prop:s0
ctl. u:object_r:ctl_default_prop:s0