Allow crash_dump to read from /data/local/tests.

Without this change, any crash from an executable in /data/local/tests
is incomplete. Specifically, function names are missing, which makes
the crash nearly useless for debugging.

Bug: 197229540
Test: Used the crasher executable and copied it to /data/local/tests
Test: and verified that running it as root and shell results in
Test: tombstones that have full unwinds with function names.
Change-Id: Ic4862ca6ee9b02132a593ccd5fe26508ed5c8510
diff --git a/public/crash_dump.te b/public/crash_dump.te
index 472e1dc..45269c3 100644
--- a/public/crash_dump.te
+++ b/public/crash_dump.te
@@ -43,6 +43,9 @@
# Read all /vendor
r_dir_file(crash_dump, { vendor_file same_process_hal_file })
+# Read all /data/local/tests
+r_dir_file(crash_dump, shell_test_data_file)
+
# Talk to tombstoned
unix_socket_connect(crash_dump, tombstoned_crash, tombstoned)
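Review bot: The comment added above r_dir_file(crash_dump, shell_test_data_file) states what is read but not why, unlike the commit message, which explains that tombstones lose function names without it. Suggest expanding the comment to say the read access is needed so crash_dump can unwind and symbolize executables run from /data/local/tests. That gives a later policy audit the justification for the rule without having to find this commit.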
diff --git a/public/domain.te b/public/domain.te
index 3643d8c..19562b1 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -474,7 +474,7 @@
neverallow { domain -shell -init -adbd } shell_test_data_file:file_class_set no_w_file_perms;
neverallow { domain -shell -init -adbd } shell_test_data_file:dir no_w_dir_perms;
-neverallow { domain -shell -init -adbd -heapprofd } shell_test_data_file:file *;
+neverallow { domain -shell -init -adbd -heapprofd -crash_dump } shell_test_data_file:file *;
neverallow heapprofd shell_test_data_file:file { no_w_file_perms no_x_file_perms };
neverallow { domain -shell -init -adbd } shell_test_data_file:sock_file *;
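Review bot: Adding -crash_dump to the exclusion list of the shell_test_data_file:file * neverallow leaves crash_dump with no compile-time bound on execute-type permissions for these files, whereas heapprofd's exemption is paired on the next line with "neverallow heapprofd shell_test_data_file:file { no_w_file_perms no_x_file_perms };". Write access is still caught by the first neverallow in this block, since crash_dump is not excluded there. Suggest adding a matching rule such as "neverallow crash_dump shell_test_data_file:file no_x_file_perms;" so the exemption stays read-only by construction and cannot be widened by a later allow rule without a build failure.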