Merge "Allow fallback crash dumping for seccomped processes."

public/domain.te

@@ -452,8 +452,17 @@ neverallow {
   -crash_dump
   -dumpstate
   -system_server
+
+  # Processes that can't exec crash_dump
+  -mediacodec
+  -mediaextractor
 } tombstoned:unix_stream_socket connectto;
-neverallow { domain -crash_dump } tombstoned_crash_socket:sock_file write;
+neverallow {
+  domain
+  -crash_dump
+  -mediacodec
+  -mediaextractor
+} tombstoned_crash_socket:sock_file write;
 neverallow { domain -dumpstate -system_server } tombstoned_intercept_socket:sock_file write;
 
 # Android does not support System V IPCs.

public/mediacodec.te

@@ -19,6 +19,7 @@ allow mediacodec ion_device:chr_file rw_file_perms;
 allow mediacodec hal_graphics_allocator:fd use;
 allow mediacodec hal_camera:fd use;
 
+crash_dump_fallback(mediacodec)
 
 # hidl access
 hwbinder_use(mediacodec)

public/mediaextractor.te

@@ -18,6 +18,8 @@ allow mediaextractor system_server:fd use;
 r_dir_file(mediaextractor, cgroup)
 allow mediaextractor proc_meminfo:file r_file_perms;
 
+crash_dump_fallback(mediaextractor)
+
 ###
 ### neverallow rules
 ###

public/te_macros

@@ -390,6 +390,18 @@ define(`recovery_only', ifelse(target_recovery, `true', $1, ))
 #
 define(`userdebug_or_eng', ifelse(target_build_variant, `eng', $1, ifelse(target_build_variant, `userdebug', $1)))
 
+####################################
+# Fallback crash handling for processes that can't exec crash_dump (e.g. because of seccomp).
+#
+define(`crash_dump_fallback', `
+userdebug_or_eng(`
+  allow $1 su:fifo_file append;
+')
+allow $1 anr_data_file:file append;
+allow $1 tombstoned:unix_stream_socket connectto;
+allow $1 tombstoned_crash_socket:sock_file write;
+')
+
 #####################################
 # WITH_DEXPREOPT builds
 # SELinux rules which apply only when pre-opting.