cb3eb4eef9
Replace the global debuggerd with a per-process debugging helper that gets exec'ed by the process that crashed. Bug: http://b/30705528 Test: crasher/crasher64, `debuggerd <pid>`, `kill -ABRT <pid>` Change-Id: Iad1b7478f7a4e2690720db4b066417d8b66834ed
# Transition to crash_dump when /system/bin/crash_dump* is executed.
# This occurs when the process crashes.
# The source type is the domain attribute rather than a fixed list of
# callers, so any process domain that executes a file labelled
# crash_dump_exec is moved into the crash_dump domain automatically.
domain_auto_trans(domain, crash_dump_exec, crash_dump);
# Permit a process in any domain to deliver SIGCHLD to a crash_dump process.
# NOTE(review): which side is the exiting child is not visible in this file;
# confirm against the fork/exec sequence used by crash_dump.
allow domain crash_dump:process sigchld;
# Limit ability to ptrace or read sensitive /proc/pid files of processes
# with other UIDs to these whitelisted domains.
#
# neverallow is a build-time assertion and grants nothing by itself: policy
# compilation fails if any allow rule gives self:capability sys_ptrace to a
# domain that is not subtracted from the set below.
# The perfprofd exemption is wrapped in userdebug_or_eng, so it is only
# present on userdebug and eng builds.
# NOTE(review): crash_dump is exempted here and is entered from every domain
# on exec of crash_dump_exec; the allow rule that actually grants it
# sys_ptrace is not in this file, so confirm that grant stays confined to the
# crash_dump domain.
neverallow {
  domain
  -vold
  -crash_dump
  -dumpstate
  -storaged
  -system_server
  userdebug_or_eng(`-perfprofd')
} self:capability sys_ptrace;