am d5c41746: logcat: test: logrotate flags
* commit 'd5c417469b4cc4fb42d090350ad8209de6e70512':
logcat: test: logrotate flags
diff --git a/debuggerd/debuggerd.cpp b/debuggerd/debuggerd.cpp
index 61805c9..03d7e49 100644
--- a/debuggerd/debuggerd.cpp
+++ b/debuggerd/debuggerd.cpp
@@ -30,6 +30,8 @@
#include <sys/stat.h>
#include <sys/poll.h>
+#include <selinux/android.h>
+
#include <log/logger.h>
#include <cutils/sockets.h>
@@ -124,6 +126,53 @@
return fields == 7 ? 0 : -1;
}
+static int selinux_enabled;
+
+/*
+ * Corresponds with debugger_action_t enum type in
+ * include/cutils/debugger.h.
+ */
+static const char *debuggerd_perms[] = {
+ NULL, /* crash is only used on self, no check applied */
+ "dump_tombstone",
+ "dump_backtrace"
+};
+
+static bool selinux_action_allowed(int s, pid_t tid, debugger_action_t action)
+{
+ char *scon = NULL, *tcon = NULL;
+ const char *tclass = "debuggerd";
+ const char *perm;
+ bool allowed = false;
+
+ if (selinux_enabled <= 0)
+ return true;
+
+ if (action <= 0 || action >= (sizeof(debuggerd_perms)/sizeof(debuggerd_perms[0]))) {
+ ALOGE("SELinux: No permission defined for debugger action %d", action);
+ return false;
+ }
+
+ perm = debuggerd_perms[action];
+
+ if (getpeercon(s, &scon) < 0) {
+ ALOGE("Cannot get peer context from socket\n");
+ goto out;
+ }
+
+ if (getpidcon(tid, &tcon) < 0) {
+ ALOGE("Cannot get context for tid %d\n", tid);
+ goto out;
+ }
+
+ allowed = (selinux_check_access(scon, tcon, tclass, perm, NULL) == 0);
+
+out:
+ freecon(scon);
+ freecon(tcon);
+ return allowed;
+}
+
static int read_request(int fd, debugger_request_t* out_request) {
ucred cr;
socklen_t len = sizeof(cr);
@@ -186,6 +235,9 @@
ALOGE("tid %d does not exist. ignoring explicit dump request\n", out_request->tid);
return -1;
}
+
+ if (!selinux_action_allowed(fd, out_request->tid, out_request->action))
+ return -1;
} else {
// No one else is allowed to dump arbitrary processes.
return -1;
@@ -434,7 +486,11 @@
}
int main(int argc, char** argv) {
+ union selinux_callback cb;
if (argc == 1) {
+ selinux_enabled = is_selinux_enabled();
+ cb.func_log = selinux_log_callback;
+ selinux_set_callback(SELINUX_CB_LOG, cb);
return do_server();
}
diff --git a/debuggerd/utility.cpp b/debuggerd/utility.cpp
index a163344..9a30fe3 100644
--- a/debuggerd/utility.cpp
+++ b/debuggerd/utility.cpp
@@ -59,6 +59,8 @@
void _LOG(log_t* log, enum logtype ltype, const char* fmt, ...) {
bool write_to_tombstone = (log->tfd != -1);
bool write_to_logcat = is_allowed_in_logcat(ltype)
+ && log->crashed_tid != -1
+ && log->current_tid != -1
&& (log->crashed_tid == log->current_tid);
bool write_to_activitymanager = (log->amfd != -1);
diff --git a/debuggerd/utility.h b/debuggerd/utility.h
index 518305d..31684ce 100644
--- a/debuggerd/utility.h
+++ b/debuggerd/utility.h
@@ -37,7 +37,7 @@
#endif
-typedef struct {
+struct log_t{
/* tombstone file descriptor */
int tfd;
/* Activity Manager socket file descriptor */
@@ -46,7 +46,10 @@
pid_t crashed_tid;
// The tid of the thread we are currently working with.
pid_t current_tid;
-} log_t;
+
+ log_t()
+ : tfd(-1), amfd(-1), crashed_tid(-1), current_tid(-1) {}
+};
// List of types of logs to simplify the logging decision in _LOG
enum logtype {
diff --git a/libcutils/Android.mk b/libcutils/Android.mk
index 933a77b..b016a42 100644
--- a/libcutils/Android.mk
+++ b/libcutils/Android.mk
@@ -86,19 +86,6 @@
include $(BUILD_HOST_STATIC_LIBRARY)
-# Static library for host, 64-bit
-# ========================================================
-include $(CLEAR_VARS)
-LOCAL_MODULE := lib64cutils
-LOCAL_SRC_FILES := $(commonSources) $(commonHostSources) dlmalloc_stubs.c
-LOCAL_STATIC_LIBRARIES := lib64log
-LOCAL_CFLAGS += $(hostSmpFlag) -m64
-ifneq ($(HOST_OS),windows)
-LOCAL_CFLAGS += -Werror
-endif
-LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
-include $(BUILD_HOST_STATIC_LIBRARY)
-
# Tests for host
# ========================================================
include $(CLEAR_VARS)
diff --git a/liblog/Android.mk b/liblog/Android.mk
index a7eead9..a4e5f5e 100644
--- a/liblog/Android.mk
+++ b/liblog/Android.mk
@@ -71,14 +71,6 @@
include $(BUILD_HOST_SHARED_LIBRARY)
-# Static library for host, 64-bit
-# ========================================================
-include $(CLEAR_VARS)
-LOCAL_MODULE := lib64log
-LOCAL_SRC_FILES := $(liblog_host_sources)
-LOCAL_CFLAGS := -DFAKE_LOG_DEVICE=1 -m64 -Werror
-include $(BUILD_HOST_STATIC_LIBRARY)
-
# Shared and static library for target
# ========================================================
include $(CLEAR_VARS)
diff --git a/libutils/Android.mk b/libutils/Android.mk
index 9343f8e..4f47d6f 100644
--- a/libutils/Android.mk
+++ b/libutils/Android.mk
@@ -74,19 +74,6 @@
include $(BUILD_HOST_STATIC_LIBRARY)
-# For the host, 64-bit
-# =====================================================
-include $(CLEAR_VARS)
-LOCAL_SRC_FILES:= $(commonSources)
-ifeq ($(HOST_OS), linux)
-LOCAL_SRC_FILES += Looper.cpp
-endif
-LOCAL_MODULE:= lib64utils
-LOCAL_STATIC_LIBRARIES := liblog
-LOCAL_CFLAGS += $(host_commonCflags) -m64
-include $(BUILD_HOST_STATIC_LIBRARY)
-
-
# For the device, static
# =====================================================
include $(CLEAR_VARS)