Prevent ptrace of logd on user builds

system/core commit 6a70ded7bfa8914aaa3dc25630ff2713ae893f80 (later
amended by 107e29ac1b1c297a0d4ee35c4978e79f47013e2c indicated that logd
doesn't want it's memory accessible by anyone else. Unfortunately,
setting DUMPABLE isn't sufficient against a root level process such with
ptrace. Only one such process exists, "debuggerd".

Block debuggerd from accessing logd's memory on user builds. Userdebug
and eng builds are unaffected.  Add a neverallow rule (compile time
assertion + CTS test) to prevent regressions.

Bug: 32450474
Test: Policy compiles.
Change-Id: Ie90850cd91846a43adaa0871d239f894a0c94d38

public/debuggerd.te

@@ -15,9 +15,15 @@ allow debuggerd {
   -healthd
   -init
   -keystore
+  -logd
   -ueventd
   -watchdogd
 }:process { execmem ptrace getattr };
+
+userdebug_or_eng(`
+  allow debuggerd logd:process { execmem ptrace getattr };
+')
+
 allow debuggerd tombstone_data_file:dir rw_dir_perms;
 allow debuggerd tombstone_data_file:file create_file_perms;
 allow debuggerd shared_relro_file:dir r_dir_perms;

public/logd.te

@@ -48,6 +48,9 @@ neverallow logd dev_type:blk_file { read write };
 # ptrace any other app
 neverallow logd domain:process ptrace;
 
+# ... and nobody may ptrace me (except on userdebug or eng builds)
+neverallow { domain userdebug_or_eng(`-debuggerd') } logd:process ptrace;
+
 # Write to /system.
 neverallow logd system_file:dir_file_class_set write;