Commit 56f39193 authored by Nick Kralevich's avatar Nick Kralevich Committed by Gerrit Code Review

Merge "Confine debuggerd, but leave it permissive for now."

parents af47ebb6 258cb17a
# debugger interface # debugger interface
type debuggerd, domain; type debuggerd, domain;
permissive debuggerd;
type debuggerd_exec, exec_type, file_type; type debuggerd_exec, exec_type, file_type;
init_daemon_domain(debuggerd) init_daemon_domain(debuggerd)
unconfined_domain(debuggerd) typeattribute debuggerd mlstrustedsubject;
allow debuggerd self:capability { dac_override sys_ptrace chown kill fowner };
allow debuggerd self:capability2 { syslog };
allow debuggerd domain:dir r_dir_perms;
allow debuggerd domain:file r_file_perms;
allow debuggerd domain:process ptrace;
security_access_policy(debuggerd)
allow debuggerd system_data_file:dir create_dir_perms;
allow debuggerd system_data_file:dir relabelfrom;
relabelto_domain(debuggerd) relabelto_domain(debuggerd)
allow debuggerd tombstone_data_file:dir relabelto; allow debuggerd tombstone_data_file:dir relabelto;
allow debuggerd tombstone_data_file:dir create_dir_perms;
allow debuggerd tombstone_data_file:file create_file_perms;
allow debuggerd domain:process { sigstop signal };
allow debuggerd exec_type:file r_file_perms;
# Access app library
allow debuggerd system_data_file:file open;
# Connect to system_server via /data/system/ndebugsocket. # Connect to system_server via /data/system/ndebugsocket.
unix_socket_connect(debuggerd, system_ndebug, system_server) unix_socket_connect(debuggerd, system_ndebug, system_server)
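Review bot: `permissive debuggerd;` near the top has no comment, so the file does not say that the allow rules below it are only logged rather than enforced, or what must happen before the line can be dropped. I would put a comment above it along the lines of `# TODO: remove once avc denials for debuggerd have been reviewed; until then the rules below are not enforced.` Among the rules that appear only once in this side-by-side view (presumably the added side), `allow debuggerd system_data_file:dir create_dir_perms;` together with `relabelfrom` on the same type is the widest write grant. A one-line comment naming the directory it is meant for (likely the tombstone directory, judging by the `tombstone_data_file` rules that follow) would make it easier to narrow later. `allow debuggerd system_data_file:file open;` grants `open` without `read`, which may be too little for the stated "Access app library" purpose; that would only show up as denials once the domain is enforcing, so it is worth checking against the audit log first.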