commit 12b4750fec765524e8201c763baefd70eeb1dbfb
author Josh Gao <jmgao@google.com> Mon Mar 06 18:13:05 2017 -0800
committer Josh Gao <jmgao@google.com> Tue Mar 07 15:53:46 2017 -0800
tree 65bc1de8ad8959a1f3b378bcc8459e6f3a76ddd2
parent 87ae5f7dbd894ad72da05bae6f3381c0eae190b7

Allow fallback crash dumping for seccomped processes.

Let mediacodec and mediaextractor talk directly to tombstoned to
generate tombstones/ANR traces.

Bug: http://b/35858739
Test: debuggerd -b `pidof media.codec`
Change-Id: I091be946d58907c5aa7a2fe23995597638adc896

public/domain.te

diff --git a/public/domain.te b/public/domain.te
index 19243a6..9631c9c 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -452,8 +452,17 @@
   -crash_dump
   -dumpstate
   -system_server
+
+  # Processes that can't exec crash_dump
+  -mediacodec
+  -mediaextractor
 } tombstoned:unix_stream_socket connectto;
-neverallow { domain -crash_dump } tombstoned_crash_socket:sock_file write;
+neverallow {
+  domain
+  -crash_dump
+  -mediacodec
+  -mediaextractor
+} tombstoned_crash_socket:sock_file write;
 neverallow { domain -dumpstate -system_server } tombstoned_intercept_socket:sock_file write;
 
 # Android does not support System V IPCs.

public/mediacodec.te

diff --git a/public/mediacodec.te b/public/mediacodec.te
index a7d7807..99ebdb1 100644
--- a/public/mediacodec.te
+++ b/public/mediacodec.te
@@ -19,6 +19,7 @@
 allow mediacodec hal_graphics_allocator:fd use;
 allow mediacodec hal_camera:fd use;
 
+crash_dump_fallback(mediacodec)
 
 # hidl access
 hwbinder_use(mediacodec)

public/mediaextractor.te

diff --git a/public/mediaextractor.te b/public/mediaextractor.te
index 43d511c..398d413 100644
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -18,6 +18,8 @@
 r_dir_file(mediaextractor, cgroup)
 allow mediaextractor proc_meminfo:file r_file_perms;
 
+crash_dump_fallback(mediaextractor)
+
 ###
 ### neverallow rules
 ###

public/te_macros

diff --git a/public/te_macros b/public/te_macros
index d6bdf61..f70d791 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -390,6 +390,18 @@
 #
 define(`userdebug_or_eng', ifelse(target_build_variant, `eng', $1, ifelse(target_build_variant, `userdebug', $1)))
 
+####################################
+# Fallback crash handling for processes that can't exec crash_dump (e.g. because of seccomp).
+#
+define(`crash_dump_fallback', `
+userdebug_or_eng(`
+  allow $1 su:fifo_file append;
+')
+allow $1 anr_data_file:file append;
+allow $1 tombstoned:unix_stream_socket connectto;
+allow $1 tombstoned_crash_socket:sock_file write;
+')
+
 #####################################
 # WITH_DEXPREOPT builds
 # SELinux rules which apply only when pre-opting.