6ad56599a2
This reverts commit 7ed2456b45.
Reason for revert: /dev/userspace-panic is discarded (b/188777408#comment13)
Bug: 188777408
Change-Id: I98b0159890ee755ffaefc5533f9c40d54f8f26d2
53 lines
1.5 KiB
Text
53 lines
1.5 KiB
Text
# llkd Live LocK Daemon
|
|
typeattribute llkd coredomain;
|
|
|
|
init_daemon_domain(llkd)
|
|
|
|
get_prop(llkd, llkd_prop)
|
|
|
|
allow llkd self:global_capability_class_set kill;
|
|
userdebug_or_eng(`
|
|
allow llkd self:global_capability_class_set { sys_ptrace sys_admin };
|
|
allow llkd self:global_capability_class_set { dac_override dac_read_search };
|
|
')
|
|
|
|
# llkd optionally locks itself in memory, to prevent it from being
|
|
# swapped out and unable to discover a kernel in live-lock state.
|
|
allow llkd self:global_capability_class_set ipc_lock;
|
|
|
|
# Send kill signals to _anyone_ suffering from Live Lock
|
|
allow llkd domain:process sigkill;
|
|
|
|
# read stack to check for Live Lock
|
|
userdebug_or_eng(`
|
|
allow llkd {
|
|
domain
|
|
-apexd
|
|
-kernel
|
|
-keystore
|
|
-init
|
|
-llkd
|
|
-ueventd
|
|
-vendor_init
|
|
}:process ptrace;
|
|
')
|
|
|
|
# live lock watchdog process allowed to look through /proc/
|
|
allow llkd domain:dir r_dir_perms;
|
|
allow llkd domain:file r_file_perms;
|
|
allow llkd domain:lnk_file read;
|
|
# Set /proc/sys/kernel/hung_task_*
|
|
allow llkd proc_hung_task:file rw_file_perms;
|
|
|
|
# live lock watchdog process allowed to dump process trace and
|
|
# reboot because orderly shutdown may not be possible.
|
|
allow llkd proc_sysrq:file rw_file_perms;
|
|
allow llkd kmsg_device:chr_file w_file_perms;
|
|
|
|
### neverallow rules
|
|
|
|
neverallow { domain -init } llkd:process { dyntransition transition };
|
|
neverallow { domain userdebug_or_eng(`-crash_dump') } llkd:process ptrace;
|
|
|
|
# never honor LD_PRELOAD
|
|
neverallow * llkd:process noatsecure;
|