Allow system watchdog to collect traces from vold.
We're investigating a bug where vold gets wedged, and we need to
collect ANR stack traces from it to debug further.
avc: denied { signal } for comm="watchdog" scontext=u:r:system_server:s0 tcontext=u:r:vold:s0 tclass=process permissive=0
avc: denied { ptrace } for scontext=u:r:crash_dump:s0 tcontext=u:r:vold:s0 tclass=process permissive=0
Bug: 122090837
Test: manual
Change-Id: I738e63717715189b9ae2317472f671e3563afaa9
diff --git a/private/crash_dump.te b/private/crash_dump.te
index fe25bad..bb13bff 100644
--- a/private/crash_dump.te
+++ b/private/crash_dump.te
@@ -15,7 +15,7 @@
-vold
}:process { ptrace signal sigchld sigstop sigkill };
userdebug_or_eng(`
- allow crash_dump { llkd logd }:process { ptrace signal sigchld sigstop sigkill };
+ allow crash_dump { llkd logd vold }:process { ptrace signal sigchld sigstop sigkill };
')
###
@@ -37,6 +37,7 @@
ueventd
vendor_init
vold
+ userdebug_or_eng(`-vold')
}:process { signal sigstop sigkill };
neverallow crash_dump self:process ptrace;
diff --git a/private/system_server.te b/private/system_server.te
index 2cf5ea7..27407f0 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -276,6 +276,7 @@
sdcardd
statsd
surfaceflinger
+ vold
# This list comes from HAL_INTERFACES_OF_INTEREST in
# frameworks/base/services/core/java/com/android/server/Watchdog.java.