770a4f6539
runas_app domain is used by lldb/ndk-gdb/simpleperf to debug/profile debuggable apps. But it misses permissions to ptrace app processes and read /proc/<app_pid> directory. Bug: none Test: build and boot marlin. Test: run lldb and simpleperf on apps with target sdk version 24-29. Change-Id: I9e6f940ec81a8285eae8db3b77fb1251a25dedd0
17 lines
634 B
Text
17 lines
634 B
Text
typeattribute runas_app coredomain;
|
|
|
|
app_domain(runas_app)
|
|
untrusted_app_domain(runas_app)
|
|
net_domain(runas_app)
|
|
bluetooth_domain(runas_app)
|
|
|
|
# The ability to call exec() on files in the apps home directories
|
|
# when using run-as on a debuggable app. Used to run lldb/ndk-gdb/simpleperf,
|
|
# which are copied to the apps home directories.
|
|
allow runas_app app_data_file:file execute_no_trans;
|
|
|
|
# Allow lldb/ndk-gdb/simpleperf to read maps of debuggable app processes.
|
|
r_dir_file(runas_app, untrusted_app_all)
|
|
|
|
# Allow lldb/ndk-gdb/simpleperf to ptrace attach to debuggable app processes.
|
|
allow runas_app untrusted_app_all:process ptrace;
|