Add userspace_panic_device and userpanic_use
Define the type userspace_panic_device and the macro userpanic_use so that
init, llkd, and system_server can access /dev/userspace_panic, a kernel device
node through which userspace processes can request a kernel panic.
Bug: 188777408
Change-Id: I1e9d115d85f664aa84bdd6bb4b95bdb48e3aab9a
diff --git a/private/file.te b/private/file.te
index 124309c..e185b85 100644
--- a/private/file.te
+++ b/private/file.te
@@ -68,3 +68,6 @@
# /dev/kvm
type kvm_device, dev_type;
+
+# /dev/userspace_panic
+type userspace_panic_device, dev_type;
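Review bot: The new type `userspace_panic_device` is declared without a neverallow that pins which domains may write to it, so a later policy change could give another domain the ability to panic the kernel and nothing would fail at build time. The visible hunks grant write access to exactly init, llkd and system_server, so a rule such as `neverallow { domain -init -llkd -system_server } userspace_panic_device:chr_file { write append };` would lock that set in. The comment above the type could also state the purpose, for example `# /dev/userspace_panic: lets userspace request a kernel panic`.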
diff --git a/private/file_contexts b/private/file_contexts
index 0c8bf78..8849602 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -191,6 +191,7 @@
/dev/uio[0-9]* u:object_r:uio_device:s0
/dev/urandom u:object_r:random_device:s0
/dev/usb_accessory u:object_r:usbaccessory_device:s0
+/dev/userspace_panic u:object_r:userspace_panic_device:s0
/dev/v4l-touch[0-9]* u:object_r:input_device:s0
/dev/vhost-vsock u:object_r:kvm_device:s0
/dev/video[0-9]* u:object_r:video_device:s0
diff --git a/private/init.te b/private/init.te
index f569e0c..400e47c 100644
--- a/private/init.te
+++ b/private/init.te
@@ -112,3 +112,6 @@
-kvm_device
-port_device
}:chr_file setattr;
+
+# Allow use userpanic to request panic.
+allow init userspace_panic_device:chr_file w_file_perms;
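Review bot: The commit message says a `userpanic_use` macro is defined, but this rule is written as a raw `allow`, and the same raw rule is repeated in the llkd.te and system_server.te hunks; no macro definition appears in the visible hunks. Either the three rules should call the macro, so that the granted permission set lives in one place, or the message should drop the reference to it. The comment is also hard to parse; `# Allow init to request a kernel panic via /dev/userspace_panic.` reads more clearly, with the domain name adjusted in the other two files.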
diff --git a/private/llkd.te b/private/llkd.te
index 9c96dfb..0d19f62 100644
--- a/private/llkd.te
+++ b/private/llkd.te
@@ -44,6 +44,9 @@
allow llkd proc_sysrq:file rw_file_perms;
allow llkd kmsg_device:chr_file w_file_perms;
+# Allow use userpanic to request panic.
+allow llkd userspace_panic_device:chr_file w_file_perms;
+
### neverallow rules
neverallow { domain -init } llkd:process { dyntransition transition };
diff --git a/private/system_server.te b/private/system_server.te
index 5650a7a..13d620d 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1156,6 +1156,9 @@
# Allow system server to read profcollectd reports for upload.
userdebug_or_eng(`r_dir_file(system_server, profcollectd_data_file)')
+# Allow use userpanic to request panic.
+allow system_server userspace_panic_device:chr_file w_file_perms;
+
###
### Neverallow rules
###
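Review bot: The `allow system_server userspace_panic_device:chr_file w_file_perms;` rule is unconditional, whereas the profcollectd rule directly above it is wrapped in `userdebug_or_eng(...)`. system_server services requests from every app, so on user builds this grant makes a kernel panic reachable from a compromised system_server. If the node is needed only for debugging, the rule should be wrapped in `userdebug_or_eng` in the same way. If it is needed on user builds, the comment should say which system_server component writes to the node and why.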