d101896ec8
We're investigating a bug where vold gets wedged, and we need to
collect ANR stack traces from it to debug further.
avc: denied { signal } for comm="watchdog" scontext=u:r:system_server:s0 tcontext=u:r:vold:s0 tclass=process permissive=0
avc: denied { ptrace } for scontext=u:r:crash_dump:s0 tcontext=u:r:vold:s0 tclass=process permissive=0
Bug: 122090837
Test: manual
Change-Id: I738e63717715189b9ae2317472f671e3563afaa9
43 lines
781 B
Text
43 lines
781 B
Text
typeattribute crash_dump coredomain;
|
|
|
|
allow crash_dump {
|
|
domain
|
|
-apexd
|
|
-bpfloader
|
|
-crash_dump
|
|
-init
|
|
-kernel
|
|
-keystore
|
|
-llkd
|
|
-logd
|
|
-ueventd
|
|
-vendor_init
|
|
-vold
|
|
}:process { ptrace signal sigchld sigstop sigkill };
|
|
userdebug_or_eng(`
|
|
allow crash_dump { llkd logd vold }:process { ptrace signal sigchld sigstop sigkill };
|
|
')
|
|
|
|
###
|
|
### neverallow assertions
|
|
###
|
|
|
|
# ptrace neverallow assertions are spread throughout the other policy
|
|
# files, so we avoid adding redundant assertions here
|
|
|
|
neverallow crash_dump {
|
|
bpfloader
|
|
init
|
|
kernel
|
|
keystore
|
|
llkd
|
|
userdebug_or_eng(`-llkd')
|
|
logd
|
|
userdebug_or_eng(`-logd')
|
|
ueventd
|
|
vendor_init
|
|
vold
|
|
userdebug_or_eng(`-vold')
|
|
}:process { signal sigstop sigkill };
|
|
|
|
neverallow crash_dump self:process ptrace;
|