From 12b4750fec765524e8201c763baefd70eeb1dbfb Mon Sep 17 00:00:00 2001
From: Josh Gao <jmgao@google.com>
Date: Mon, 6 Mar 2017 18:13:05 -0800
Subject: [PATCH] Allow fallback crash dumping for seccomped processes.

Let mediacodec and mediaextractor talk directly to tombstoned to
generate tombstones/ANR traces.

Bug: http://b/35858739
Test: debuggerd -b `pidof media.codec`
Change-Id: I091be946d58907c5aa7a2fe23995597638adc896
---
 public/domain.te         | 11 ++++++++++-
 public/mediacodec.te     |  1 +
 public/mediaextractor.te |  2 ++
 public/te_macros         | 12 ++++++++++++
 4 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/public/domain.te b/public/domain.te
index 19243a698..9631c9c76 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -452,8 +452,17 @@ neverallow {
   -crash_dump
   -dumpstate
   -system_server
+
+  # Processes that can't exec crash_dump
+  -mediacodec
+  -mediaextractor
 } tombstoned:unix_stream_socket connectto;
-neverallow { domain -crash_dump } tombstoned_crash_socket:sock_file write;
+neverallow {
+  domain
+  -crash_dump
+  -mediacodec
+  -mediaextractor
+} tombstoned_crash_socket:sock_file write;
 neverallow { domain -dumpstate -system_server } tombstoned_intercept_socket:sock_file write;
 
 # Android does not support System V IPCs.
diff --git a/public/mediacodec.te b/public/mediacodec.te
index a7d780793..99ebdb1e4 100644
--- a/public/mediacodec.te
+++ b/public/mediacodec.te
@@ -19,6 +19,7 @@ allow mediacodec ion_device:chr_file rw_file_perms;
 allow mediacodec hal_graphics_allocator:fd use;
 allow mediacodec hal_camera:fd use;
 
+crash_dump_fallback(mediacodec)
 
 # hidl access
 hwbinder_use(mediacodec)
diff --git a/public/mediaextractor.te b/public/mediaextractor.te
index 43d511c18..398d413b2 100644
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -18,6 +18,8 @@ allow mediaextractor system_server:fd use;
 r_dir_file(mediaextractor, cgroup)
 allow mediaextractor proc_meminfo:file r_file_perms;
 
+crash_dump_fallback(mediaextractor)
+
 ###
 ### neverallow rules
 ###
diff --git a/public/te_macros b/public/te_macros
index d6bdf61dc..f70d791fd 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -390,6 +390,18 @@ define(`recovery_only', ifelse(target_recovery, `true', $1, ))
 #
 define(`userdebug_or_eng', ifelse(target_build_variant, `eng', $1, ifelse(target_build_variant, `userdebug', $1)))
 
+####################################
+# Fallback crash handling for processes that can't exec crash_dump (e.g. because of seccomp).
+#
+define(`crash_dump_fallback', `
+userdebug_or_eng(`
+  allow $1 su:fifo_file append;
+')
+allow $1 anr_data_file:file append;
+allow $1 tombstoned:unix_stream_socket connectto;
+allow $1 tombstoned_crash_socket:sock_file write;
+')
+
 #####################################
 # WITH_DEXPREOPT builds
 # SELinux rules which apply only when pre-opting.
-- 
GitLab