From 0983db4aa94b13995b5fbef5f60eb5a07e00378d Mon Sep 17 00:00:00 2001
From: Andreas Gampe <agampe@google.com>
Date: Wed, 11 May 2016 18:40:27 -0700
Subject: [PATCH] Sepolicy: Refactor long lines for debuggerd backtraces

Split single lines in preparation for new additions.

Bug: 28658141
Change-Id: I89f6a52bd2d145c53dd6bb39177578f51a352acf
---
 debuggerd.te     | 13 ++++++++++++-
 dumpstate.te     | 26 ++++++++++++++++++++++++--
 system_server.te | 17 ++++++++++++++++-
 3 files changed, 52 insertions(+), 4 deletions(-)

diff --git a/debuggerd.te b/debuggerd.te
index 9212d0eaf..cd12b8490 100644
--- a/debuggerd.te
+++ b/debuggerd.te
@@ -32,7 +32,18 @@ allow debuggerd system_data_file:file open;
 # This only happens on 64 bit systems, where all requests go to the 64 bit
 # debuggerd and get redirected to the 32 bit debuggerd if the process is 32 bit.
 
-allow debuggerd { audioserver cameraserver drmserver inputflinger mediacodec mediadrmserver mediaextractor mediaserver sdcardd surfaceflinger }:debuggerd dump_backtrace;
+allow debuggerd {
+  audioserver
+  cameraserver
+  drmserver
+  inputflinger
+  mediacodec
+  mediadrmserver
+  mediaextractor
+  mediaserver
+  sdcardd
+  surfaceflinger
+}:debuggerd dump_backtrace;
 
 # Connect to system_server via /data/system/ndebugsocket.
 unix_socket_connect(debuggerd, system_ndebug, system_server)
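Review bot: The expanded `allow debuggerd { ... }:debuggerd dump_backtrace;` rule has no comment saying where its ten domains come from, unlike the lists in dumpstate.te and system_server.te, which name native_processes_to_dump and NATIVE_STACKS_OF_INTEREST. The context comment above it describes the 64-bit debuggerd redirecting requests to the 32-bit one, so this list presumably has to cover every domain that dumpstate or system_server may ask about; that is inferred from the comment, not shown in this hunk. Since the commit prepares for additions, a line such as `# Keep this list a superset of the dump_backtrace lists in dumpstate.te and system_server.te.` directly above the rule would tell the next editor which files change together and keep the grant from growing unreviewed.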
diff --git a/dumpstate.te b/dumpstate.te
index ebc0d676c..6ee8b058e 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -48,9 +48,31 @@ allow dumpstate { appdomain autoplay_app system_server }:process signal;
 
 # Signal native processes to dump their stack.
 # This list comes from native_processes_to_dump in dumpstate/utils.c
-allow dumpstate { audioserver cameraserver drmserver inputflinger mediacodec mediadrmserver mediaextractor mediaserver sdcardd surfaceflinger }:process signal;
+allow dumpstate {
+  audioserver
+  cameraserver
+  drmserver
+  inputflinger
+  mediacodec
+  mediadrmserver
+  mediaextractor
+  mediaserver
+  sdcardd
+  surfaceflinger
+}:process signal;
 # Ask debuggerd for the backtraces of these processes.
-allow dumpstate { audioserver cameraserver drmserver inputflinger mediacodec mediadrmserver mediaextractor mediaserver sdcardd surfaceflinger }:debuggerd dump_backtrace;
+allow dumpstate {
+  audioserver
+  cameraserver
+  drmserver
+  inputflinger
+  mediacodec
+  mediadrmserver
+  mediaextractor
+  mediaserver
+  sdcardd
+  surfaceflinger
+}:debuggerd dump_backtrace;
 
 # Execute and transition to the vdc domain
 domain_auto_trans(dumpstate, vdc_exec, vdc)
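Review bot: The two brace lists in this hunk (`}:process signal;` and `}:debuggerd dump_backtrace;`) are identical, but only the first carries the pointer to native_processes_to_dump in dumpstate/utils.c. With the lists now ten lines each, a domain added to one and not the other is easy to miss in review, and would likely leave either a denial at dump time or a permission that is no longer needed. Extending the existing comment to `# Ask debuggerd for the backtraces of these processes. Same list as the signal rule above; keep both in sync with native_processes_to_dump.` documents the coupling without changing policy.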
diff --git a/system_server.te b/system_server.te
index 67dc16ab5..65f4d96c6 100644
--- a/system_server.te
+++ b/system_server.te
@@ -150,7 +150,22 @@ binder_call(system_server, netd)
 binder_service(system_server)
 
 # Ask debuggerd to dump backtraces for native stacks of interest.
-allow system_server { audioserver cameraserver drmserver inputflinger mediacodec mediadrmserver mediaextractor mediaserver sdcardd surfaceflinger }:debuggerd dump_backtrace;
+#
+# This is derived from the list that system server defines as interesting native processes
+# to dump during ANRs or watchdog aborts, defined in NATIVE_STACKS_OF_INTEREST in
+# frameworks/base/services/core/java/com/android/server/Watchdog.java.
+allow system_server {
+  audioserver
+  cameraserver
+  drmserver
+  inputflinger
+  mediacodec
+  mediadrmserver
+  mediaextractor
+  mediaserver
+  sdcardd
+  surfaceflinger
+}:debuggerd dump_backtrace;
 
 # Use sockets received over binder from various services.
 allow system_server audioserver:tcp_socket rw_socket_perms;
-- 
GitLab