SEPolicy: Changes for new stack dumping scheme.
Applications connect to tombstoned via a unix domain socket and request an open FD to which they can write their traces. This socket has a new label (tombstoned_java_trace_socket) and appdomain and system_server are given permissions to connect and write to it. Apps no longer need permissions to open files under /data/anr/ and these permissions will be withdrawn in a future change. Bug: 32064548 Test: Manual Merged-In: I70a3e6e230268d12b454e849fa88418082269c4f Change-Id: Ib4b73fc130f4993c44d96c8d68f61b6d9bb2c7d5
Showing
- private/app.te 13 additions, 1 deletionprivate/app.te
- private/file_contexts 1 addition, 0 deletionsprivate/file_contexts
- private/system_server.te 13 additions, 0 deletionsprivate/system_server.te
- public/domain.te 6 additions, 1 deletionpublic/domain.te
- public/file.te 1 addition, 0 deletionspublic/file.te
- public/tombstoned.te 9 additions, 4 deletionspublic/tombstoned.te
Loading
Please register or sign in to comment