0a64d100b8
dmesgd is a daemon that collects kernel memory error reports.

When system_server notices that a kernel error occurred, it sets the dmesgd.start system property to 1, which results in init starting dmesgd. Once that happens, dmesgd runs `dmesg` and parses its output to collect the last error report. That report, together with the headers containing device- and build-specific information, is stored in Dropbox.

Empirically, dmesgd needs the following permissions:
- execute shell (for popen()) and toolbox (for dmesg), read system_log (for dmesg)
- read /proc/version (to generate headers)
- perform Binder calls to servicemanager and system_server, find dropbox_service (for dropbox)
- create files in /data/misc/dmesgd (to store persistent state)

Bug: 215095687
Test: run dmesgd on a user device with injected KFENCE bugs
Change-Id: Iff21a2ffd99fc31b89a58ac774299b5e922721ea
# SELinux policy for dmesgd, the daemon that runs `dmesg`, extracts the last
# kernel memory error report and submits it to DropBox.

# Domain type for the running daemon and the type of its executable.
type dmesgd, domain, coredomain;
type dmesgd_exec, system_file_type, exec_type, file_type;

# Enter the dmesgd domain when init executes a dmesgd_exec-labelled file.
init_daemon_domain(dmesgd)

# Persistent state: create and manage directories and files labelled
# dmesgd_data_file.
# NOTE(review): presumably this label covers /data/misc/dmesgd; the
# file_contexts entry is not shown here - confirm.
allow dmesgd dmesgd_data_file:dir create_dir_perms;
allow dmesgd dmesgd_data_file:file create_file_perms;

# Running dmesg: the daemon spawns a shell (popen()) which runs toolbox.
# rx_file_perms includes execute_no_trans, so both binaries execute inside
# the dmesgd domain without a transition and hold exactly the permissions
# granted in this file - keep that in mind before widening any rule here.
allow dmesgd { shell_exec toolbox_exec }:file rx_file_perms;

# Read access to the kernel log, required by dmesg. The kernel log can carry
# more than the error report itself.
# NOTE(review): confirm that only the parsed report is forwarded to DropBox.
allow dmesgd kernel:system syslog_read;

# /proc/version is read to build the report headers.
allow dmesgd proc_version:file r_file_perms;

# DropBox submission: use Binder, look up dropbox_service through
# servicemanager, and call into system_server, which is the only Binder peer
# granted here.
binder_use(dmesgd)
allow dmesgd dropbox_service:service_manager find;
binder_call(dmesgd, system_server)