Allow fallback crash dumping for seccomped processes.

Let mediacodec and mediaextractor talk directly to tombstoned to generate tombstones/ANR traces. Bug: http://b/35858739 Test: debuggerd -b `pidof media.codec` Change-Id: I091be946d58907c5aa7a2fe23995597638adc896

Allow fallback crash dumping for seccomped processes.
Let mediacodec and mediaextractor talk directly to tombstoned to generate tombstones/ANR traces. Bug: http://b/35858739 Test: debuggerd -b `pidof media.codec` Change-Id: I091be946d58907c5aa7a2fe23995597638adc896
12b4750f · Josh Gao · 87ae5f7d · 12b4750f · 12b4750f · 12b4750f
Commit 12b4750f authored 8 years ago by Josh Gao
--- a/public/domain.te
+++ b/public/domain.te
@@ -452,8 +452,17 @@ neverallow {
  -crash_dump
  -dumpstate
  -system_server
+
+  # Processes that can't exec crash_dump
+  -mediacodec
+  -mediaextractor
 } tombstoned:unix_stream_socket connectto;
-neverallow { domain -crash_dump } tombstoned_crash_socket:sock_file write;
+neverallow {
+  domain
+  -crash_dump
+  -mediacodec
+  -mediaextractor
+} tombstoned_crash_socket:sock_file write;
 neverallow { domain -dumpstate -system_server } tombstoned_intercept_socket:sock_file write;

 # Android does not support System V IPCs.

--- a/public/mediacodec.te
+++ b/public/mediacodec.te
@@ -19,6 +19,7 @@ allow mediacodec ion_device:chr_file rw_file_perms;
 allow mediacodec hal_graphics_allocator:fd use;
 allow mediacodec hal_camera:fd use;

+crash_dump_fallback(mediacodec)

 # hidl access
 hwbinder_use(mediacodec)

--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -18,6 +18,8 @@ allow mediaextractor system_server:fd use;
 r_dir_file(mediaextractor, cgroup)
 allow mediaextractor proc_meminfo:file r_file_perms;

+crash_dump_fallback(mediaextractor)
+
 ###
 ### neverallow rules
 ###

--- a/public/te_macros
+++ b/public/te_macros
@@ -390,6 +390,18 @@ define(`recovery_only', ifelse(target_recovery, `true', $1, ))
 #
 define(`userdebug_or_eng', ifelse(target_build_variant, `eng', $1, ifelse(target_build_variant, `userdebug', $1)))

+####################################
+# Fallback crash handling for processes that can't exec crash_dump (e.g. because of seccomp).
+#
+define(`crash_dump_fallback', `
+userdebug_or_eng(`
+  allow $1 su:fifo_file append;
+')
+allow $1 anr_data_file:file append;
+allow $1 tombstoned:unix_stream_socket connectto;
+allow $1 tombstoned_crash_socket:sock_file write;
+')
+
 #####################################
 # WITH_DEXPREOPT builds
 # SELinux rules which apply only when pre-opting.