crash_dump: remove /system/bin/logcat execute permissions
Currently, crash_dump has the following line:

    read_logd(crash_dump)

which is a macro defined as:

    #####################################
    # read_logd(domain)
    # Ability to run logcat and read from android
    # log daemon via sockets
    define(`read_logd', `
    allow $1 logcat_exec:file rx_file_perms;
    unix_socket_connect($1, logdr, logd)
    ')

which grants both the ability to talk directly to a logd socket, as well as the ability to execute the /system/bin/logcat command line tool.

This is unneeded (and problematic) for crash_dump. Crash_dump uses standard, vndk approved libraries to talk directly to logd. It never exec()s the (non-vndk approved) logcat command. As crash_dump is a vndk approved component and executed by vendor code, allowing this transitively makes /system/bin/logcat a vndk component too, which we want to avoid.

Instead of using the read_logd() macro, just directly add the unix_socket_connect() call. This allows talking directly to logd, but blocks the use of the (unneeded) /system/bin/logcat executable.

Test: crasher binary still works when executed from adb shell

Change-Id: I1fe9d0f5f0234c96454a0d91338fa2656f083345
This commit is contained in:
parent 58de4843b6
commit 702fd0afac
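To make the permission change in this commit concrete, here is an added example (not part of the commit or of the Android sepolicy tree) that expands the two m4-style macros the way the policy build does and diffs the allow rules crash_dump receives before and after. The read_logd body is quoted from the commit message; the unix_socket_connect body and the rule syntax are assumptions written to mirror the real te_macros, and the macro expander is a deliberately minimal stand-in for m4.

```python
"""Expand Android sepolicy macros and diff the rules granted to crash_dump.

Added example: shows that swapping read_logd(crash_dump) for a direct
unix_socket_connect() drops exactly one rule, the execute grant on
logcat_exec, while keeping the logd socket access.
"""
import re

# read_logd is quoted from the commit message. unix_socket_connect is an
# ASSUMED simplified body modelled on system/sepolicy/public/te_macros.
MACROS = {
    "read_logd": """
allow $1 logcat_exec:file rx_file_perms;
unix_socket_connect($1, logdr, logd)
""",
    "unix_socket_connect": """
allow $1 $2_socket:sock_file write;
allow $1 $3:unix_stream_socket connectto;
""",
}

# A macro call looks like name(arg1, arg2, ...); nested calls are handled
# by re-running the substitution until the text stops changing.
CALL_RE = re.compile(r"(\w+)\(([^()]*)\)")
ALLOW_RE = re.compile(r"allow (\S+) (\S+):(\S+) (.+);$")


def expand(policy: str) -> str:
    """Substitute known macro calls, m4-style, until none remain."""
    def substitute(match: re.Match) -> str:
        name = match.group(1)
        args = [a.strip() for a in match.group(2).split(",")]
        if name not in MACROS:
            return match.group(0)  # leave unknown calls untouched
        body = MACROS[name]
        for idx, arg in enumerate(args, start=1):
            body = body.replace(f"${idx}", arg)
        return body

    previous = None
    while previous != policy:
        previous, policy = policy, CALL_RE.sub(substitute, policy)
    return policy


def allow_rules(policy: str) -> set:
    """Return the set of (source, target, class, perms) allow rules."""
    rules = set()
    for line in expand(policy).splitlines():
        match = ALLOW_RE.match(line.strip())
        if match:
            rules.add(match.groups())
    return rules


# The policy line before and after this commit, as in the diff.
BEFORE = "read_logd(crash_dump)"
AFTER = "unix_socket_connect(crash_dump, logdr, logd)"


def dropped_rules() -> set:
    """Rules crash_dump had before the change but not after."""
    return allow_rules(BEFORE) - allow_rules(AFTER)


def added_rules() -> set:
    """Rules crash_dump gains with the change (expected: none)."""
    return allow_rules(AFTER) - allow_rules(BEFORE)


if __name__ == "__main__":
    print("dropped:", sorted(dropped_rules()))
    print("added:  ", sorted(added_rules()))
    print("kept:   ", sorted(allow_rules(AFTER)))
```

Running it lists a single dropped rule, the rx grant on logcat_exec:file, and no added rules, which is the property the commit message claims: the direct socket connect is a strict subset of what read_logd granted.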
@ -46,7 +46,9 @@ allow crash_dump anr_data_file:file { append getattr };
# Append to tombstone files.
allow crash_dump tombstone_data_file:file { append getattr };
read_logd(crash_dump)
# crash_dump writes out logcat logs at the bottom of tombstones,
# which is super useful in some cases.
unix_socket_connect(crash_dump, logdr, logd)
# Crash dump is not intended to access the following data types. Since these
# are WAI, suppress the denials to clean up the logs.
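Review bot: the new comment "crash_dump writes out logcat logs at the bottom of tombstones" above unix_socket_connect(crash_dump, logdr, logd) reads as if crash_dump still runs logcat, which is exactly what dropping read_logd(crash_dump) (and with it the logcat_exec:file rx_file_perms grant) is meant to prevent. Suggest wording it to say that crash_dump reads the log directly from logd over the logdr socket and deliberately has no execute permission on /system/bin/logcat, so a later change does not reintroduce the read_logd macro for convenience; a neverallow on crash_dump executing logcat_exec would lock that in.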