Sepolicy: Refactor long lines for debuggerd backtraces
Split single lines in preparation for new additions.
Bug: 28658141
Change-Id: I89f6a52bd2d145c53dd6bb39177578f51a352acf
diff --git a/debuggerd.te b/debuggerd.te
index 9212d0e..cd12b84 100644
--- a/debuggerd.te
+++ b/debuggerd.te
@@ -32,7 +32,18 @@
# This only happens on 64 bit systems, where all requests go to the 64 bit
# debuggerd and get redirected to the 32 bit debuggerd if the process is 32 bit.
-allow debuggerd { audioserver cameraserver drmserver inputflinger mediacodec mediadrmserver mediaextractor mediaserver sdcardd surfaceflinger }:debuggerd dump_backtrace;
+allow debuggerd {
+ audioserver
+ cameraserver
+ drmserver
+ inputflinger
+ mediacodec
+ mediadrmserver
+ mediaextractor
+ mediaserver
+ sdcardd
+ surfaceflinger
+}:debuggerd dump_backtrace;
# Connect to system_server via /data/system/ndebugsocket.
unix_socket_connect(debuggerd, system_ndebug, system_server)
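Review bot: The reflowed `allow debuggerd { ... }:debuggerd dump_backtrace;` rule still has no comment saying where its domain list comes from, while the dumpstate.te hunk cites native_processes_to_dump and the system_server.te hunk now cites NATIVE_STACKS_OF_INTEREST. Since the comment above the rule says the 64-bit debuggerd redirects requests to the 32-bit one, this list presumably has to cover every domain either caller may ask about, so it will need the same additions later. I would add a line above the rule such as `# Keep in sync with the dump_backtrace lists in dumpstate.te and system_server.te.` The same ten domains are now written out four times across three files, so a shared attribute or m4 define would keep the planned additions from drifting and from granting dump_backtrace or signal on a domain in one place but not the others; that fits the follow-up change better than this refactor.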
diff --git a/dumpstate.te b/dumpstate.te
index ebc0d67..6ee8b05 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -48,9 +48,31 @@
# Signal native processes to dump their stack.
# This list comes from native_processes_to_dump in dumpstate/utils.c
-allow dumpstate { audioserver cameraserver drmserver inputflinger mediacodec mediadrmserver mediaextractor mediaserver sdcardd surfaceflinger }:process signal;
+allow dumpstate {
+ audioserver
+ cameraserver
+ drmserver
+ inputflinger
+ mediacodec
+ mediadrmserver
+ mediaextractor
+ mediaserver
+ sdcardd
+ surfaceflinger
+}:process signal;
# Ask debuggerd for the backtraces of these processes.
-allow dumpstate { audioserver cameraserver drmserver inputflinger mediacodec mediadrmserver mediaextractor mediaserver sdcardd surfaceflinger }:debuggerd dump_backtrace;
+allow dumpstate {
+ audioserver
+ cameraserver
+ drmserver
+ inputflinger
+ mediacodec
+ mediadrmserver
+ mediaextractor
+ mediaserver
+ sdcardd
+ surfaceflinger
+}:debuggerd dump_backtrace;
# Execute and transition to the vdc domain
domain_auto_trans(dumpstate, vdc_exec, vdc)
diff --git a/system_server.te b/system_server.te
index 67dc16a..65f4d96 100644
--- a/system_server.te
+++ b/system_server.te
@@ -150,7 +150,22 @@
binder_service(system_server)
# Ask debuggerd to dump backtraces for native stacks of interest.
-allow system_server { audioserver cameraserver drmserver inputflinger mediacodec mediadrmserver mediaextractor mediaserver sdcardd surfaceflinger }:debuggerd dump_backtrace;
+#
+# This is derived from the list that system server defines as interesting native processes
+# to dump during ANRs or watchdog aborts, defined in NATIVE_STACKS_OF_INTEREST in
+# frameworks/base/services/core/java/com/android/server/Watchdog.java.
+allow system_server {
+ audioserver
+ cameraserver
+ drmserver
+ inputflinger
+ mediacodec
+ mediadrmserver
+ mediaextractor
+ mediaserver
+ sdcardd
+ surfaceflinger
+}:debuggerd dump_backtrace;
# Use sockets received over binder from various services.
allow system_server audioserver:tcp_socket rw_socket_perms;