Skip to content
Snippets Groups Projects
Commit 929da9c3 authored by Nick Kralevich's avatar Nick Kralevich Committed by android-build-merger
Browse files

Prevent ptrace of logd on user builds am: cb5f4a3d am: 38cd0764 

am: 2d49da8c

Change-Id: I3e36f8ef50553d63474c5fe7544217859a82d252
parents 2658dc46 2d49da8c
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
public/debuggerd.te
+ 6
0
View file @ 929da9c3
......@@ -15,9 +15,15 @@ allow debuggerd {
-healthd
-init
-keystore
-logd
-ueventd
-watchdogd
}:process { execmem ptrace getattr };
userdebug_or_eng(`
allow debuggerd logd:process { execmem ptrace getattr };
')
allow debuggerd tombstone_data_file:dir rw_dir_perms;
allow debuggerd tombstone_data_file:file create_file_perms;
allow debuggerd shared_relro_file:dir r_dir_perms;
......
public/logd.te
+ 3
0
View file @ 929da9c3
......@@ -48,6 +48,9 @@ neverallow logd dev_type:blk_file { read write };
# ptrace any other app
neverallow logd domain:process ptrace;
# ... and nobody may ptrace me (except on userdebug or eng builds)
neverallow { domain userdebug_or_eng(`-debuggerd') } logd:process ptrace;
# Write to /system.
neverallow logd system_file:dir_file_class_set write;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment