The code for dumping tombstones tries to read the log data. This was
silently failing after the change to drop root privileges. Fix this
by explicitly setting the groups allowed before dropping privileges.
Bug: 28590884
(cherry picked from commit edc2380109)
Change-Id: I225365edccb11f8752027566fd42f3b10ce10260
When someone enables wait_for_gdb, activity manager will kill the
stopped process before a developer can attach to the process. To
allow debugging in this case, change the code to only contact the
activity manager right before continuing the process that is
crashing.
Also, modify the conditions under which to do a gdb attach. The previous
code did a partial attach if perform_dump failed. The new version simply
allows an attach regardless of whether perform_dump passes or fails.
Bug: 28409358
(cherry picked from commit 9818bd2bbe)
Change-Id: I42f464b69332748e16b07d9d00f44b3aa26ce8b7
Before dropping root privileges, connect to the activity manager.
Also, only connect to the activity manager if this is a crash.
Bug: 28210681
(cherry picked from commit 0fc89f34b9)
Change-Id: Id25b92e550d71ffe1b9eafe43976ef514a83714b
This was actually nonfunctional until f5e8f0b, because it was using kill
after privileges were dropped. This doesn't seem necessary after the
changes to the sibling thread ptrace logic, though.
Bug: http://b/27427439
Change-Id: I6bffbc14e0cf5e377bbfa39c945518e0d436c223
Use sigtimedwait on SIGCHLD to watch our forked worker processes for
failure, so that we can guarantee that we always resume/kill the target
process if libunwind crashes.
Bug: http://b/27427439
Change-Id: I5a5da1f1abd7dc9d01223f5b3778e946e2d47d20
system/core/debuggerd/debuggerd.cpp:683:5: warning: Value stored to 'logsocket' is never read
logsocket = -1;
^ ~~
Bug: http://b/27264392
Change-Id: I8eab8a02b67f219c32aea49e4d4957e5642df38f
Previously, we weren't PTRACE_ATTACHing to all of the threads of a
process, and we were also trying to do it after forking and dropping
privileges. This patch ensures that all ptrace attaching/detaching
happens in one place, before forking/exiting respectively.
Bug: http://b/26443860
Bug: http://b/26436605
Bug: http://b/26436486
Change-Id: Id94e0c1d9d56c051d0dd281d895aaa3285079198
Use ScopedFd and unique_ptr to manage resources, so that we can early
exit instead of having 9 levels of indentation.
Change-Id: Ia5fed76c7d959f1f198ea540c56c508f7e1585c4
Keeping these means that every build has different init and debuggerd
binaries, even if the source was the same. So OTAs that don't touch
these sources would still need to update the binaries.
Both of these messages are only informational, so can be safely removed.
Bootchart already encodes build-specific information from the system
properties.
Bug: 24204119
Change-Id: I7ebd65a20a3e031e7528c9f741616e20b3cd7446
When debugging SE Linux audit messages from debuggerd, its
unclear what process is triggering the access violation. To
assist in debugging, we also log pid, uid and gid.
Before:
avc: denied { dump_backtrace } for scontext=u:r:dumpstate:s0 ...
After:
avc: denied { dump_backtrace } for pid=198 uid=1019 gid=1019 ..
Change-Id: I8263e6f5e77917139b73c3e84b76f7f97fd98003
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Static binaries don't get the signal handler installed (that's done by the
dynamic linker) so we don't need to worry about seeing SIGPIPE crashes from
old binaries.
Bug: http://b/20659371
Change-Id: I3b5566634fadd3e822262561188d29814bccd1fd
Use debug.debuggerd.wait_for_gdb being set to non-zero to
determine if debuggerd should stop and wait for someone to
attach gdb to the crashing process.
Bug: 22233908
Change-Id: Id55a1572b479a70d395b7270392ce6fb70dbfdca
We improved gdbclient to make the process simpler, but didn't update
debuggerd to match.
Bug: http://b/22233857
Change-Id: If4137943f567a9e566a3ac7f485c9b1eab2c68e9
d34e407aeb removed support for
running with SELinux completely disabled. SELinux must either be
in permissive or enforcing mode now.
Remove unnecessary calls to is_selinux_enabled(). It always returns
true now.
Change-Id: Ife3156b74b13b2e590afe4accf716fc7776567e5
On 64 bit systems, calls to dump_backtrace_to_file or dump_tombstone
try and directly contact the correct debuggerd (32 bit vs 64 bit)
by reading the elf information for the executable.
Unfortunately, system_server makes a call to dump_backtrace_to_file
and it doesn't have permissions to read the executable data, so it
defaults to always contacting the 64 bit debuggerd.
This CL changes the code so that all dump requests go to the 64 bit
debuggerd, which reads the elf information and redirects requests for
32 bit processes to the 32 bit debuggerd.
Testing:
- Forced the watchdog code in system_server to dump stacks and
verified that all native stacks are dumped correctly.
- Verified that dumpstate and bugreport still properly dump the native
processes on a 64 bit and 32 bit system.
- Intentionally forced the 64 bit to 32 bit redirect to write only a
byte at a time and verified there are no errors, and no dropped data.
- Used debuggerd and debuggerd64 to dump 32 bit and 64 bit processes
seemlessly.
- Used debuggerd on a 32 bit system to dump native stacks.
Bug: https://code.google.com/p/android/issues/detail?id=97024
Change-Id: Ie01945153bdc1c4ded696c7334b61d58575314d1
- Fix a problem where a tid exits before the attach completes, and it
causes debuggerd to self terminate.
- Fix a problem where sibling tid dumps do not properly wait for the tid
to get signalled.
Bug: 17800180
Bug: 12567315
(cherry picked from commit 84ddb34a3a)
Change-Id: I45e33865614d4c96f4a89cf117398666b556d500
debuggerd allows uid-0 processes to dump tombstones or backtraces
of any process, and uid-system processes to dump backtraces of any
processes. Restrict these operations via SELinux based on the
client context, the target process context, and the action.
Depends on I8e120d319512ff207ed22ed87cde4e0432a13dda for the
corresponding policy definitions.
Change-Id: Ib317564e54e07cc21f259e75124b762ad17c6e16
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Now the debugging output shows the tid of the crashed thread instead of
the pid of the process that crashed.
Change-Id: I637f409ff02d73d458edc6d1a5c462c21d128211
The debug output was still showing the pathname that worked with
gdbclient before my changes, and therefore did not work after the fact.
Change-Id: Ie12d79f5346088914ce0a70bda69780707b31d31
Now the functionality implemented by these semi-confusing cases has been
replaced with the same logtype enum behavior that is easier to
understand, and cases that used log-looking behavior to print to logcat
(when log = NULL) now use the more transparent ALOGE/ALOGD functions.
Change-Id: I7e38f2d4ca74a828df4d2266b3ea34edd3c6f5bb
The system by which debuggerd filters its output to different locations
is now based on an enum called logtype with easy to understand
categories for log messages (like THREAD, MEMORY, etc.) instead of the
old, fairly esoteric scope_flags variable. Now much of the output that
previously went to logcat does not show up on the screen, but all output
can be found in the tombstone file. In addition, the tombstone's
location is now printed so it can be located easily.
Bug: 15341747
Change-Id: Ia2f2051d1dfdea934d0e6ed220f24345e35ba6a2
Bionic needs to re-raise various signals, which means the si_code
debuggerd sees has been clobbered. If bionic sends us the original
si_code value, we can use that instead of the one we see when the
ptrace the crashed process' siginfo.
Change-Id: If116a6bc667d55a6fb39b74f96673292af4e4c8c
Use the libbacktrace C++ interface instead of the C interface in debuggerd.
Reformat the debuggerd code to be closer to Google C++ style.
Fix all debuggerd casts to be C++ casts.
Add a frame number to the frame data structure for ease of formatting and
add another FormatFrameData function.
Change the format_test to use the new FormatFrameData function.
Modify all of the backtrace_test to use the C++ interface.
Change-Id: I10e1610861acf7f4a3ad53276b74971cfbfda464
This is part 1, only including the bare minimum changes because
our diff tool doesn't easily show differences when a file moves. This
also breaks it into a small chunk in case some other changes break things,
as unlikely as I think that will be.
Change-Id: Ib7a3e7a2cc1ac574d15b65fda23813ebcf5d31af
Josh Gao