      1 # debugger interface
        # Rules for the debuggerd domain: a small set of capabilities, read and
        # ptrace access to other domains, and write access to tombstone files.
        # The macros used here (init_daemon_domain, security_access_policy,
        # unix_socket_connect, userdebug_or_eng, read_logd) and the *_perms
        # permission sets are defined outside this file, so what they expand to
        # has to be checked there.
      2 type debuggerd, domain;
      3 type debuggerd_exec, exec_type, file_type;
      4 
        # Presumably sets up the transition from init into debuggerd when
        # debuggerd_exec is executed - confirm against the macro definition.
      5 init_daemon_domain(debuggerd)
        # NOTE(review): mlstrustedsubject is normally the attribute that the MLS
        # constraints exempt; the constraints are not in this file, so confirm
        # what the exemption covers before relying on category separation here.
      6 typeattribute debuggerd mlstrustedsubject;
        # Linux capabilities held by debuggerd itself. dac_override bypasses file
        # permission checks and sys_ptrace lifts the kernel ptrace restrictions,
        # so the type-enforcement rules below are what bound its reach.
      7 allow debuggerd self:capability { dac_override sys_ptrace chown kill fowner };
      8 allow debuggerd self:capability2 { syslog };
        # Read access to directories, files and symlinks labeled with any domain
        # type (presumably the per-process /proc entries - confirm).
      9 allow debuggerd domain:dir r_dir_perms;
     10 allow debuggerd domain:file r_file_perms;
     11 allow debuggerd domain:lnk_file read;
        # ptrace of every domain except the six subtracted here: init, ueventd,
        # watchdogd, healthd, adbd and keystore cannot be traced by debuggerd.
        # When adding a domain that holds secrets in memory, check whether it
        # belongs in this exclusion list too.
     12 allow debuggerd { domain -init -ueventd -watchdogd -healthd -adbd -keystore }:process ptrace;
     13 security_access_policy(debuggerd)
        # Tombstone output: create entries in system_data_file directories,
        # relabel a directory from system_data_file to tombstone_data_file, and
        # create directories and files under the tombstone label.
        # NOTE(review): create_dir_perms on system_data_file:dir reaches every
        # directory with that label, not only the parent of the tombstone
        # directory - presumably needed only to create it; confirm.
     14 allow debuggerd system_data_file:dir create_dir_perms;
     15 allow debuggerd system_data_file:dir relabelfrom;
     16 allow debuggerd tombstone_data_file:dir relabelto;
     17 allow debuggerd tombstone_data_file:dir create_dir_perms;
     18 allow debuggerd tombstone_data_file:file create_file_perms;
        # Read-only access to shared_relro_file directories and files.
     19 allow debuggerd shared_relro_file:dir r_dir_perms;
     20 allow debuggerd shared_relro_file:file r_file_perms;
        # sigstop and signal are allowed toward all domains, including the ones
        # excluded from ptrace above.
     21 allow debuggerd domain:process { sigstop signal };
        # Read access to every file whose type carries the exec_type attribute.
     22 allow debuggerd exec_type:file r_file_perms;
     23 # Access app library
        # Only open is granted on system_data_file files here; no explicit rule
        # in this file grants read on that type.
     24 allow debuggerd system_data_file:file open;
     25 
     26 # Connect to system_server via /data/system/ndebugsocket.
     27 unix_socket_connect(debuggerd, system_ndebug, system_server)
     28 
        # Input device access is wrapped in userdebug_or_eng, so by the macro name
        # it is compiled in only for userdebug and eng builds - confirm.
     29 userdebug_or_eng(`
     30   allow debuggerd input_device:dir r_dir_perms;
     31   allow debuggerd input_device:chr_file rw_file_perms;
     32 ')
     33 
     34 # logd access
     35 read_logd(debuggerd)
     36