commit 275ea12d84eddb60dbe68d7e0d9715fcbdc99e23
author Mark Salyzyn <salyzyn@google.com> Tue Aug 07 16:03:47 2018 -0700
committer Mark Salyzyn <salyzyn@google.com> Tue Sep 04 17:02:30 2018 +0000
tree 948b1cd2bd2972ccdaf72610ccdce461f3a33501
parent b9cb73ad4e779f8b5dfb1ad09541d97e777ca672

llkd: Add stack symbol checking

llkd needs the ptrace capabilities and dac override to monitor for
live lock conditions on the stack dumps.

Test: compile
Bug: 33808187
Change-Id: Ibc1e4cc10395fa9685c4ef0ca214daf212a5e126

private/llkd.te

diff --git a/private/llkd.te b/private/llkd.te
index 54c6d04..73e3f58 100644
--- a/private/llkd.te
+++ b/private/llkd.te
@@ -3,7 +3,13 @@
 
 init_daemon_domain(llkd)
 
+get_prop(llkd, llkd_prop)
+
 allow llkd self:global_capability_class_set kill;
+userdebug_or_eng(`
+  allow llkd self:global_capability_class_set sys_ptrace;
+  allow llkd self:global_capability_class_set dac_override;
+')
 
 # llkd optionally locks itself in memory, to prevent it from being
 # swapped out and unable to discover a kernel in live-lock state.
@@ -12,6 +18,16 @@
 # Send kill signals to _anyone_ suffering from Live Lock
 allow llkd domain:process sigkill;
 
+# read stack to check for Live Lock
+userdebug_or_eng(`
+  allow llkd {
+    domain
+    -keystore
+    -init
+    -llkd
+  }:process ptrace;
+')
+
 # live lock watchdog process allowed to look through /proc/
 allow llkd domain:dir r_dir_perms;
 allow llkd domain:file r_file_perms;
@@ -27,6 +43,7 @@
 ### neverallow rules
 
 neverallow { domain -init } llkd:process { dyntransition transition };
+neverallow { domain userdebug_or_eng(`-crash_dump') } llkd:process ptrace;
 
 # never honor LD_PRELOAD
 neverallow * llkd:process noatsecure;