f194aad208
Applications connect to tombstoned via a unix domain socket and request
an open FD to which they can write their traces. This socket has a new
label (tombstoned_java_trace_socket) and appdomain and system_server are
given permissions to connect and write to it.
Apps no longer need permissions to open files under /data/anr/ and
these permissions will be withdrawn in a future change.
Bug: 32064548
Test: Manual
(cherry picked from commit a8832dabc7f3b7b2381760d2b95f81abf78db709)
(cherry picked from commit 11bfcc1e96)
Change-Id: Icc60d227331c8eee70a9389ff1e7e78772f37e6f
22 lines
901 B
Text
22 lines
901 B
Text
# debugger interface
|
|
type tombstoned, domain, mlstrustedsubject;
|
|
type tombstoned_exec, exec_type, file_type;
|
|
|
|
# Write to arbitrary pipes given to us.
|
|
allow tombstoned domain:fd use;
|
|
allow tombstoned domain:fifo_file write;
|
|
|
|
allow tombstoned domain:dir r_dir_perms;
|
|
allow tombstoned domain:file r_file_perms;
|
|
allow tombstoned tombstone_data_file:dir rw_dir_perms;
|
|
allow tombstoned tombstone_data_file:file create_file_perms;
|
|
|
|
# TODO: Remove append / write permissions. They were temporarily
|
|
# granted due to a bug which appears to have been fixed.
|
|
allow tombstoned anr_data_file:file { append write };
|
|
auditallow tombstoned anr_data_file:file { append write };
|
|
|
|
# Changes for the new stack dumping mechanism. Each trace goes into a
|
|
# separate file, and these files are managed by tombstoned.
|
|
allow tombstoned anr_data_file:dir rw_dir_perms;
|
|
allow tombstoned anr_data_file:file { getattr open create };
|