# debugger interface
#
# Policy for the debuggerd domain. The rules below give it read and ptrace
# access to every type carrying the `domain` attribute, plus write access
# to the tombstone data types.
type debuggerd, domain;
# NOTE(review): `permissive` means denials for this domain are logged but
# not enforced, so the allow rules below describe intended access without
# confining the daemon yet. Review the logged AVC denials for debuggerd
# before removing this line.
permissive debuggerd;
# Label for the debuggerd executable (an exec_type and a file_type).
type debuggerd_exec, exec_type, file_type;

# Macro defined outside this file; presumably sets up the transition from
# init into debuggerd when debuggerd_exec is run. Confirm against the
# te_macros in this tree.
init_daemon_domain(debuggerd)
# Adds the mlstrustedsubject attribute. The MLS constraints live outside
# this file; presumably this exempts debuggerd from MLS subject
# restrictions so it can reach processes at any level. Confirm there.
typeattribute debuggerd mlstrustedsubject;
# Root-equivalent capabilities: dac_override bypasses file DAC checks,
# sys_ptrace allows tracing processes owned by other users, and
# chown/fowner allow changing ownership and mode of files it does not own.
allow debuggerd self:capability { dac_override sys_ptrace chown kill fowner };
allow debuggerd self:capability2 { syslog };
# Read directories and files labeled with any domain type
# (presumably the /proc/<pid> entries of the target process; verify).
allow debuggerd domain:dir r_dir_perms;
allow debuggerd domain:file r_file_perms;
# ptrace on every domain. Combined with sys_ptrace above, a compromise of
# debuggerd exposes the memory of any process on the system, so this is
# the rule to narrow first once the domain is enforcing.
allow debuggerd domain:process ptrace;
# Macro defined outside this file; presumably grants access to the loaded
# SELinux policy. Confirm.
security_access_policy(debuggerd)
# Create a directory under a system_data_file parent and relabel it to
# tombstone_data_file: relabelfrom on the old type, relabelto on the new
# type, and relabelto_domain(), a macro defined elsewhere.
allow debuggerd system_data_file:dir create_dir_perms;
allow debuggerd system_data_file:dir relabelfrom;
relabelto_domain(debuggerd)
allow debuggerd tombstone_data_file:dir relabelto;
# Create and manage tombstone directories and files.
allow debuggerd tombstone_data_file:dir create_dir_perms;
allow debuggerd tombstone_data_file:file create_file_perms;
# Send SIGSTOP and ordinary signals to any domain. SIGKILL is a separate
# permission (sigkill) and is not granted here.
allow debuggerd domain:process { sigstop signal };
# Read any file whose type carries the exec_type attribute.
allow debuggerd exec_type:file r_file_perms;
# Access app library
# NOTE(review): only `open` is granted on system_data_file files, with no
# read or getattr. While the domain is permissive that gap shows up only
# as logged denials. Confirm the needed permission set before enforcing.
allow debuggerd system_data_file:file open;

# Connect to system_server via /data/system/ndebugsocket.
# The macro is defined outside this file. Its arguments are the client
# domain, the socket name and the server domain.
unix_socket_connect(debuggerd, system_ndebug, system_server)