Introduce crash_dump debugging helper.

Replace the global debuggerd with a per-process debugging helper that
gets exec'ed by the process that crashed.

Bug: http://b/30705528
Test: crasher/crasher64, `debuggerd <pid>`, `kill -ABRT <pid>`
Change-Id: Iad1b7478f7a4e2690720db4b066417d8b66834ed
diff --git a/private/access_vectors b/private/access_vectors
index 6393c16..efd4924 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -577,12 +577,6 @@
 	user_changed
 }
 
-class debuggerd
-{
-	dump_tombstone
-	dump_backtrace
-}
-
 class drmservice {
 	consumeRights
 	setPlaybackStatus
diff --git a/private/domain.te b/private/domain.te
index b0c7ac7..b1171f4 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -1,9 +1,14 @@
+# Transition to crash_dump when /system/bin/crash_dump* is executed.
+# This occurs when the process crashes.
+domain_auto_trans(domain, crash_dump_exec, crash_dump);
+allow domain crash_dump:process sigchld;
+
 # Limit ability to ptrace or read sensitive /proc/pid files of processes
 # with other UIDs to these whitelisted domains.
 neverallow {
   domain
-  -debuggerd
   -vold
+  -crash_dump
   -dumpstate
   -storaged
   -system_server
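Review bot: `domain_auto_trans(domain, crash_dump_exec, crash_dump)` at the top of this hunk lets every domain execute the helper and enter `crash_dump`, while the same hunk adds `-crash_dump` to the exemptions of the ptrace and /proc/pid neverallow. What bounds the helper's reach is therefore crash_dump's own allow rules, which are not visible in this hunk, and the new comment should say so, for example `# Every domain can enter crash_dump; its ptrace targets are limited by crash_dump's own allow rules.` A companion neverallow in crash_dump's policy that excludes the most sensitive domains from its ptrace targets would make that bound enforced at compile time rather than implied. The neverallow block itself continues past the end of the hunk.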
diff --git a/private/file_contexts b/private/file_contexts
index f6e1be1..3209073 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -126,6 +126,8 @@
 /dev/socket/racoon	u:object_r:racoon_socket:s0
 /dev/socket/rild	u:object_r:rild_socket:s0
 /dev/socket/rild-debug	u:object_r:rild_debug_socket:s0
+/dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
+/dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
 /dev/socket/uncrypt	u:object_r:uncrypt_socket:s0
 /dev/socket/vold	u:object_r:vold_socket:s0
 /dev/socket/webview_zygote	u:object_r:webview_zygote_socket:s0
@@ -192,8 +194,9 @@
 /system/bin/keystore	u:object_r:keystore_exec:s0
 /system/bin/fingerprintd u:object_r:fingerprintd_exec:s0
 /system/bin/gatekeeperd u:object_r:gatekeeperd_exec:s0
-/system/bin/debuggerd	u:object_r:debuggerd_exec:s0
-/system/bin/debuggerd64	u:object_r:debuggerd_exec:s0
+/system/bin/crash_dump32 u:object_r:crash_dump_exec:s0
+/system/bin/crash_dump64 u:object_r:crash_dump_exec:s0
+/system/bin/tombstoned u:object_r:tombstoned_exec:s0
 /system/bin/wpa_supplicant	u:object_r:wpa_exec:s0
 /system/bin/recovery-persist     u:object_r:recovery_persist_exec:s0
 /system/bin/recovery-refresh     u:object_r:recovery_refresh_exec:s0
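Review bot: Removing the `debuggerd_exec` entries for `/system/bin/debuggerd` and `/system/bin/debuggerd64` leaves no label for a `debuggerd` binary, yet the commit's Test line still runs `debuggerd <pid>`. If that binary stays on the image as a client, it presumably picks up a catch-all label defined outside this hunk and runs in its caller's domain with no transition. A comment beside the new entries, such as `# debuggerd is now a client tool and is intentionally left with the default label`, would record that this is deliberate and not an omission.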
diff --git a/private/security_classes b/private/security_classes
index 680d3dd..19fd5db 100644
--- a/private/security_classes
+++ b/private/security_classes
@@ -103,8 +103,5 @@
 # Keystore Key
 class keystore_key              # userspace
 
-# debuggerd service
-class debuggerd                 # userspace
-
 class drmservice                # userspace
 # FLASK
diff --git a/private/system_server.te b/private/system_server.te
index 7e0c2fb..0e35660 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -2,7 +2,7 @@
 # public, but conceptually should go with this
 # Define a type for tmpfs-backed ashmem regions.
 tmpfs_domain(system_server)
-# Create a socket for connections from debuggerd.
+# Create a socket for connections from crash_dump.
 type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
 
 allow system_server zygote_tmpfs:file read;
diff --git a/private/debuggerd.te b/private/tombstoned.te
similarity index 79%
rename from private/debuggerd.te
rename to private/tombstoned.te
index bd835af..73fdb1b 100644
--- a/private/debuggerd.te
+++ b/private/tombstoned.te
@@ -1,3 +1,3 @@
 # type_transition must be private policy the domain_trans rules could stay
 # public, but conceptually should go with this
-init_daemon_domain(debuggerd)
+init_daemon_domain(tombstoned)