Allow debuggerd execmem on debuggable domains

In anticipation of fixing a loophole in the Linux kernel that allows circumventing the execmem permission by using the ptrace interface, this patch grants execmem permission on debuggable domains to debuggerd. This will be required for setting software break points once the kernel has been fixed. Bug: 31000401 Change-Id: I9b8d5853b643d24b94d36e2adbcb135dbaef8b1e

Allow debuggerd execmem on debuggable domains
In anticipation of fixing a loophole in the Linux kernel that allows circumventing the execmem permission by using the ptrace interface, this patch grants execmem permission on debuggable domains to debuggerd. This will be required for setting software break points once the kernel has been fixed. Bug: 31000401 Change-Id: I9b8d5853b643d24b94d36e2adbcb135dbaef8b1e
071b935d · Janis Danisevskis · 1a640f32 · 071b935d
Commit 071b935d authored 8 years ago by Janis Danisevskis
--- a/debuggerd.te
+++ b/debuggerd.te
@@ -18,7 +18,7 @@ allow debuggerd {
  -keystore
  -ueventd
  -watchdogd
-}:process { ptrace getattr };
+}:process { execmem ptrace getattr };
 allow debuggerd tombstone_data_file:dir rw_dir_perms;
 allow debuggerd tombstone_data_file:file create_file_perms;
 allow debuggerd shared_relro_file:dir r_dir_perms;