Allowing incidentd to get stack traces from processes.
Bug: 72177715
Test: flash device and check incident output
Change-Id: I16c172caec235d985a6767642134fbd5e5c23912
(cherry picked from commit 985db6d8dd2a2168a1e9ee741d89e03a0e3a76b9)
diff --git a/private/domain.te b/private/domain.te
index aa43058..fb6ba4f 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -9,6 +9,7 @@
domain
-vold
-dumpstate
+ userdebug_or_eng(`-incidentd')
-storaged
-system_server
userdebug_or_eng(`-perfprofd')
diff --git a/private/incidentd.te b/private/incidentd.te
index 22ff985..6b248f1 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -46,32 +46,47 @@
allow incidentd incident_data_file:dir rw_dir_perms;
allow incidentd incident_data_file:file create_file_perms;
-# Get process attributes
-# TODO allow incidentd domain:process getattr;
+# Enable incidentd to get stack traces.
+binder_use(incidentd)
+hwbinder_use(incidentd)
+allow incidentd hwservicemanager:hwservice_manager { list };
+get_prop(incidentd, hwservicemanager_prop)
+allow incidentd hidl_manager_hwservice:hwservice_manager { find };
# Read files in /proc
allow incidentd {
+ proc_cmdline
+ proc_pipe_conf
proc_stat
}:file r_file_perms;
# Signal java processes to dump their stack and get the results
-# TODO allow incidentd { appdomain ephemeral_app system_server }:process signal;
-# TODO allow incidentd anr_data_file:dir create_dir_perms;
-# TODO allow incidentd anr_data_file:file create_file_perms;
+allow incidentd { appdomain ephemeral_app system_server }:process signal;
# Signal native processes to dump their stack.
# This list comes from native_processes_to_dump in incidentd/utils.c
allow incidentd {
+ # This list comes from native_processes_to_dump in dumputils/dump_utils.cpp
audioserver
cameraserver
drmserver
inputflinger
- mediacodec
mediadrmserver
mediaextractor
+ mediametrics
mediaserver
sdcardd
+ statsd
surfaceflinger
+
+ # This list comes from hal_interfaces_to_dump in dumputils/dump_utils.cpp
+ hal_audio_server
+ hal_bluetooth_server
+ hal_camera_server
+ hal_graphics_composer_server
+ hal_sensors_server
+ hal_vr_server
+ mediacodec # TODO(b/36375899): hal_omx_server
}:process signal;
# Allow incidentd to make binder calls to any binder service
@@ -79,7 +94,18 @@
binder_call(incidentd, appdomain)
# Reading /proc/PID/maps of other processes
-# TODO allow incidentd self:global_capability_class_set sys_ptrace;
+userdebug_or_eng(`allow incidentd self:global_capability_class_set { sys_ptrace }');
+# incidentd has capability sys_ptrace, but should only use that capability for
+# accessing sensitive /proc/PID files, never for using ptrace attach.
+neverallow incidentd *:process ptrace;
+
+allow incidentd self:global_capability_class_set {
+ # Send signals to processes
+ kill
+};
+
+# Connect to tombstoned to intercept dumps.
+unix_socket_connect(incidentd, tombstoned_intercept, tombstoned)
# Run a shell.
allow incidentd shell_exec:file rx_file_perms;
diff --git a/private/system_server.te b/private/system_server.te
index 365c00a..9830bd6 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -372,10 +372,11 @@
#
# Allow system_server to connect and write to the tombstoned java trace socket in
# order to dump its traces. Also allow the system server to write its traces to
-# dumpstate during bugreport capture.
+# dumpstate during bugreport capture and incidentd during incident collection.
unix_socket_connect(system_server, tombstoned_java_trace, tombstoned)
allow system_server tombstoned:fd use;
allow system_server dumpstate:fifo_file append;
+allow system_server incidentd:fifo_file append;
# Read /data/misc/incidents - only read. The fd will be sent over binder,
# with no DAC access to it, for dropbox to read.