From 37daf9f48ed6456d613e7326e9ac5407d29e2107 Mon Sep 17 00:00:00 2001 From: Mark Salyzyn Date: Fri, 10 Jan 2020 14:23:38 -0800 Subject: [PATCH] llkd: requires sys_admin permissions As a result of commit f8a00cef17206ecd1b30d3d9f99e10d9fa707aa7 ("proc: restrict kernel stack dumps to root") the userdebug feature where llkd can monitor for live lock signatures in the stack traces broke. So now userdebug variant of llkd requires sys_admin permissions. Signed-off-by: Mark Salyzyn Test: llkd_unit_test Bug: 147486902 Change-Id: I31572afa08daa490a69783855bce55313eaed96c --- private/llkd.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/private/llkd.te b/private/llkd.te index 385f93034..f218dec7c 100644 --- a/private/llkd.te +++ b/private/llkd.te @@ -7,7 +7,7 @@ get_prop(llkd, llkd_prop) allow llkd self:global_capability_class_set kill; userdebug_or_eng(` - allow llkd self:global_capability_class_set sys_ptrace; + allow llkd self:global_capability_class_set { sys_ptrace sys_admin }; allow llkd self:global_capability_class_set { dac_override dac_read_search }; ')