Allow debuggerd execmem on debuggable domains In anticipation of fixing a loophole in the Linux kernel that allows circumventing the execmem permission by using the ptrace interface, this patch grants execmem permission on debuggable domains to debuggerd. This will be required for setting software break points once the kernel has been fixed. Bug: 31000401 Change-Id: I9b8d5853b643d24b94d36e2adbcb135dbaef8b1e

commit: 071b935d0bbbff90fb3f85c4e91793379d2ec37d [log] [tgz]
author: Janis Danisevskis <jdanis@google.com> Wed Sep 14 10:00:13 2016 +0100
committer: Janis Danisevskis <jdanis@google.com> Thu Sep 15 15:11:31 2016 +0100
tree: fb90e17cf3a7c0dbe3630fa4a03a6e72bd788560
parent: 1a640f327d3bf45db118e3924a0a1fb556253f60 [diff] [blame]
diff --git a/debuggerd.te b/debuggerd.te
index 1e84e8d..80d3f5c 100644
--- a/debuggerd.te
+++ b/debuggerd.te

@@ -18,7 +18,7 @@
   -keystore
   -ueventd
   -watchdogd
-}:process { ptrace getattr };
+}:process { execmem ptrace getattr };
 allow debuggerd tombstone_data_file:dir rw_dir_perms;
 allow debuggerd tombstone_data_file:file create_file_perms;
 allow debuggerd shared_relro_file:dir r_dir_perms;
commit	071b935d0bbbff90fb3f85c4e91793379d2ec37d	[log] [tgz]
author	Janis Danisevskis <jdanis@google.com>	Wed Sep 14 10:00:13 2016 +0100
committer	Janis Danisevskis <jdanis@google.com>	Thu Sep 15 15:11:31 2016 +0100
tree	fb90e17cf3a7c0dbe3630fa4a03a6e72bd788560
parent	1a640f327d3bf45db118e3924a0a1fb556253f60 [diff] [blame]