Sepolicy: Refactor long lines for debuggerd backtraces

Split single lines in preparation for new additions. Bug: 28658141 Change-Id: I89f6a52bd2d145c53dd6bb39177578f51a352acf

Sepolicy: Refactor long lines for debuggerd backtraces
Split single lines in preparation for new additions. Bug: 28658141 Change-Id: I89f6a52bd2d145c53dd6bb39177578f51a352acf
0983db4a · Andreas Gampe · 8d19cabf · 0983db4a · 0983db4a · 0983db4a
Commit 0983db4a authored 8 years ago by Andreas Gampe
--- a/debuggerd.te
+++ b/debuggerd.te
@@ -32,7 +32,18 @@ allow debuggerd system_data_file:file open;
 # This only happens on 64 bit systems, where all requests go to the 64 bit
 # debuggerd and get redirected to the 32 bit debuggerd if the process is 32 bit.

-allow debuggerd { audioserver cameraserver drmserver inputflinger mediacodec mediadrmserver mediaextractor mediaserver sdcardd surfaceflinger }:debuggerd dump_backtrace;
+allow debuggerd {
+  audioserver
+  cameraserver
+  drmserver
+  inputflinger
+  mediacodec
+  mediadrmserver
+  mediaextractor
+  mediaserver
+  sdcardd
+  surfaceflinger
+}:debuggerd dump_backtrace;

 # Connect to system_server via /data/system/ndebugsocket.
 unix_socket_connect(debuggerd, system_ndebug, system_server)

--- a/dumpstate.te
+++ b/dumpstate.te
@@ -48,9 +48,31 @@ allow dumpstate { appdomain autoplay_app system_server }:process signal;

 # Signal native processes to dump their stack.
 # This list comes from native_processes_to_dump in dumpstate/utils.c
-allow dumpstate { audioserver cameraserver drmserver inputflinger mediacodec mediadrmserver mediaextractor mediaserver sdcardd surfaceflinger }:process signal;
+allow dumpstate {
+  audioserver
+  cameraserver
+  drmserver
+  inputflinger
+  mediacodec
+  mediadrmserver
+  mediaextractor
+  mediaserver
+  sdcardd
+  surfaceflinger
+}:process signal;
 # Ask debuggerd for the backtraces of these processes.
-allow dumpstate { audioserver cameraserver drmserver inputflinger mediacodec mediadrmserver mediaextractor mediaserver sdcardd surfaceflinger }:debuggerd dump_backtrace;
+allow dumpstate {
+  audioserver
+  cameraserver
+  drmserver
+  inputflinger
+  mediacodec
+  mediadrmserver
+  mediaextractor
+  mediaserver
+  sdcardd
+  surfaceflinger
+}:debuggerd dump_backtrace;

 # Execute and transition to the vdc domain
 domain_auto_trans(dumpstate, vdc_exec, vdc)

--- a/system_server.te
+++ b/system_server.te
@@ -150,7 +150,22 @@ binder_call(system_server, netd)
 binder_service(system_server)

 # Ask debuggerd to dump backtraces for native stacks of interest.
-allow system_server { audioserver cameraserver drmserver inputflinger mediacodec mediadrmserver mediaextractor mediaserver sdcardd surfaceflinger }:debuggerd dump_backtrace;
+#
+# This is derived from the list that system server defines as interesting native processes
+# to dump during ANRs or watchdog aborts, defined in NATIVE_STACKS_OF_INTEREST in
+# frameworks/base/services/core/java/com/android/server/Watchdog.java.
+allow system_server {
+  audioserver
+  cameraserver
+  drmserver
+  inputflinger
+  mediacodec
+  mediadrmserver
+  mediaextractor
+  mediaserver
+  sdcardd
+  surfaceflinger
+}:debuggerd dump_backtrace;

 # Use sockets received over binder from various services.
 allow system_server audioserver:tcp_socket rw_socket_perms;