Restrict ptrace access by debuggerd and unconfineddomain.
Remove init, ueventd, watchdogd, healthd and adbd from the set of
domains traceable by debuggerd. bionic/linker/debugger.cpp sets up
handlers for all dynamically linked programs in Android but this
should not apply for statically linked programs.
Exclude ptrace access from unconfineddomain.
Prohibit ptrace access to init via neverallow.
Change-Id: I70d742233fbe40cb4d1772a4e6cd9f8f767f2c3a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/debuggerd.te b/debuggerd.te
index 66eac1c..0443aef 100644
--- a/debuggerd.te
+++ b/debuggerd.te
@@ -8,7 +8,7 @@
allow debuggerd self:capability2 { syslog };
allow debuggerd domain:dir r_dir_perms;
allow debuggerd domain:file r_file_perms;
-allow debuggerd domain:process ptrace;
+allow debuggerd { domain -init -ueventd -watchdogd -healthd -adbd }:process ptrace;
security_access_policy(debuggerd)
allow debuggerd system_data_file:dir create_dir_perms;
allow debuggerd system_data_file:dir relabelfrom;
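Review bot: the exclusion list on `allow debuggerd { domain -init -ueventd -watchdogd -healthd -adbd }:process ptrace;` hard-codes the set of statically linked domains, so any static program that is later given its own domain becomes traceable by debuggerd again unless someone remembers to extend this line; consider expressing the exclusion through an attribute carried by the static domains (or, conversely, an attribute for the domains that actually run the bionic linker's debugger handler) so the rule tracks the property the commit message describes rather than a name list. Two smaller points on the same hunk: the neverallow for init that the commit message promises is not part of this hunk, so a reviewer cannot confirm it from this file alone, and the unchanged `allow debuggerd domain:dir r_dir_perms;` / `allow debuggerd domain:file r_file_perms;` lines above still grant debuggerd read access on every domain, including the five just removed from the ptrace rule; if that is intended, a comment saying why read access is still needed for the excluded domains would help the next reader.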