Merge "Allow permissions needed for gdb debugging"

commit: ecf787e85f6587c52f2bd2389ac0cdac8d6fe3d5 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Thu Jan 31 05:58:55 2019 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Jan 31 05:58:55 2019 +0000
tree: 20679ba7caa20ea4c74785e4b2accd6716bd8650
parent: cd6a6a09337eddb68da715430283b664be24ecfd [diff]
parent: 337f56467b9a29d69a3bd54b7e0193a61a7ac1e6 [diff]
diff --git a/private/runas_app.te b/private/runas_app.te
index 638702c..525aea1 100644
--- a/private/runas_app.te
+++ b/private/runas_app.te

@@ -14,4 +14,4 @@
 r_dir_file(runas_app, untrusted_app_all)
 
 # Allow lldb/ndk-gdb/simpleperf to ptrace attach to debuggable app processes.
-allow runas_app untrusted_app_all:process ptrace;
+allow runas_app untrusted_app_all:process { ptrace signal sigstop };

diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 712a360..2c44627 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te

@@ -112,6 +112,10 @@
 # b/123297648
 allow untrusted_app_all runas_app:unix_stream_socket connectto;
 
+# Untrusted apps need to be able to send a SIGCHLD to runas_app
+# when running under a debugger (b/123612207)
+allow untrusted_app_all runas_app:process sigchld;
+
 # Cts: HwRngTest
 allow untrusted_app_all sysfs_hwrandom:dir search;
 allow untrusted_app_all sysfs_hwrandom:file r_file_perms;
commit	ecf787e85f6587c52f2bd2389ac0cdac8d6fe3d5	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Thu Jan 31 05:58:55 2019 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Jan 31 05:58:55 2019 +0000
tree	20679ba7caa20ea4c74785e4b2accd6716bd8650
parent	cd6a6a09337eddb68da715430283b664be24ecfd [diff]
parent	337f56467b9a29d69a3bd54b7e0193a61a7ac1e6 [diff]