The code for dumping tombstones tries to read the log data. This was
silently failing after the change to drop root privileges. Fix this
by explicitly setting the groups allowed before dropping privileges.
Bug: 28590884
Change-Id: Iaccb1d2928268fc9fc855f6e3814c31ce019badf
When someone enables wait_for_gdb, activity manager will kill the
stopped process before a developer can attach to the process. To
allow debugging in this case, change the code to only contact the
activity manager right before continuing the process that is
crashing.
Also, modify the conditions under which to do a gdb attach. The previous
code did a partial attach if perform_dump failed. The new version simply
allows an attach regardless of whether perform_dump passes or fails.
Bug: 28409358
(cherry picked from commit 9818bd2bbe)
Change-Id: I42f464b69332748e16b07d9d00f44b3aa26ce8b7
When someone enables wait_for_gdb, activity manager will kill the
stopped process before a developer can attach to the process. To
allow debugging in this case, change the code to only contact the
activity manager right before continuing the process that is
crashing.
Also, modify the conditions under which to do a gdb attach. The previous
code did a partial attach if perform_dump failed. The new version simply
allows an attach regardless of whether perform_dump passes or fails.
Bug: 28409358
Change-Id: I4fe8d390c212d47e007cbe6543c2d114c3c7aeff
Before dropping root privileges, connect to the activity manager.
Also, only connect to the activity manager if this is a crash.
Bug: 28210681
(cherry picked from commit 0fc89f34b9)
Change-Id: Id25b92e550d71ffe1b9eafe43976ef514a83714b
Before dropping root privileges, connect to the activity manager.
Also, only connect to the activity manager if this is a crash.
Bug: 28210681
Change-Id: Ie266031910519fa2aa6835644a95c1fc56e24d8d
am: 437911e
* commit '437911ec87fe471a4cbe7e3dfa722e11d3187805':
debuggerd: set the name of the signal sender.
Change-Id: I23723649fcc33a624f4aba80cde81f1bbb71fc3b
Processes using seccomp will get SIGSYS when attempting to use a
disallowed syscall. We're currently not handling SIGSYS in bionic's
signal handler, but this change will let us dump a backtrace pointing at
rt_tgsigqueueinfo in our signal handler if seccomp policies block it
during a real crash.
Bug: http://b/27853687
Change-Id: I4e4aacc95eeef7249d895e19dc4ccd77a51c7a17
This was actually nonfunctional until f5e8f0b, because it was using kill
after privileges were dropped. This doesn't seem necessary after the
changes to the sibling thread ptrace logic, though.
Bug: http://b/27427439
Change-Id: I6bffbc14e0cf5e377bbfa39c945518e0d436c223
(cherry picked from commit b17f228ff6)
This was actually nonfunctional until f5e8f0b, because it was using kill
after privileges were dropped. This doesn't seem necessary after the
changes to the sibling thread ptrace logic, though.
Bug: http://b/27427439
Change-Id: I6bffbc14e0cf5e377bbfa39c945518e0d436c223
Use sigtimedwait on SIGCHLD to watch our forked worker processes for
failure, so that we can guarantee that we always resume/kill the target
process if libunwind crashes.
Bug: http://b/27427439
Change-Id: I5a5da1f1abd7dc9d01223f5b3778e946e2d47d20
(cherry picked from commit 630bc80e18)
system/core/debuggerd/debuggerd.cpp:683:5: warning: Value stored to 'logsocket' is never read
logsocket = -1;
^ ~~
Bug: http://b/27264392
Change-Id: I8eab8a02b67f219c32aea49e4d4957e5642df38f
(cherry picked from commit 6da1353863)
Use sigtimedwait on SIGCHLD to watch our forked worker processes for
failure, so that we can guarantee that we always resume/kill the target
process if libunwind crashes.
Bug: http://b/27427439
Change-Id: I5a5da1f1abd7dc9d01223f5b3778e946e2d47d20
Remove the logging of an error if a thread disappears before the unwind
can begin. This can happen, so allow the caller to determine if this
is really a problem worth logging.
Bug: 27449879
(cherry picked from commit 206a3b9798)
Change-Id: If9e7cfeb6eb7b122679a734c1a9eacee8354ef18
Remove the logging of an error if a thread disappears before the unwind
can begin. This can happen, so allow the caller to determine if this
is really a problem worth logging.
Bug: 27449879
Change-Id: Ie81718d53fb0e519fa0a7db9fd5f314b72bfa431
system/core/debuggerd/debuggerd.cpp:683:5: warning: Value stored to 'logsocket' is never read
logsocket = -1;
^ ~~
Bug: http://b/27264392
Change-Id: I8eab8a02b67f219c32aea49e4d4957e5642df38f
Previously, we weren't PTRACE_ATTACHing to all of the threads of a
process, and we were also trying to do it after forking and dropping
privileges. This patch ensures that all ptrace attaching/detaching
happens in one place, before forking/exiting respectively.
Bug: http://b/26443860
Bug: http://b/26436605
Bug: http://b/26436486
Change-Id: Id94e0c1d9d56c051d0dd281d895aaa3285079198
debuggerd_test stubs out the selinux/android.h interface, but was
relying on copied selinux headers to declare the interface. Create a
stub selinux/android.h header included by the test to declare the
interface.
Change-Id: I6a2d402dda1797deb2515f10b663b1a84d498eac
Use ScopedFd and unique_ptr to manage resources, so that we can early
exit instead of having 9 levels of indentation.
Change-Id: Ia5fed76c7d959f1f198ea540c56c508f7e1585c4
Add the following mount options to the /proc filesystem:
hidepid=2,gid=3009
This change blocks /proc access unless you're in group 3009
(aka AID_READPROC).
Please see
https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt
for documentation on the hidepid option.
hidepid=2 is preferred over hidepid=1 since it leaks less information
and doesn't generate SELinux ptrace denials when trying to access
/proc without being in the proper group.
Add AID_READPROC to processes which need to access /proc entries for
other UIDs.
Bug: 23310674
Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
This is an optional diagnostic tool where it's useful to know if you are
running the version that you just built. Allow the use of __TIME__
without a warning or error.
Bug: 24204119
Change-Id: I78063c2694b80ccaf5891d1cd649ea17eda978cb
Keeping these means that every build has different init and debuggerd
binaries, even if the source was the same. So OTAs that don't touch
these sources would still need to update the binaries.
Both of these messages are only informational, so can be safely removed.
Bootchart already encodes build-specific information from the system
properties.
Bug: 24204119
Change-Id: I7ebd65a20a3e031e7528c9f741616e20b3cd7446
* commit '2fb90dc8b2b590e674c5e433e8bf3d3f08a887c8':
debuggerd: audit pid, uid and gid on SE Linux denial
property_service: log pid,uid and gid of setprop client
When debugging SE Linux audit messages from debuggerd, its
unclear what process is triggering the access violation. To
assist in debugging, we also log pid, uid and gid.
Before:
avc: denied { dump_backtrace } for scontext=u:r:dumpstate:s0 ...
After:
avc: denied { dump_backtrace } for pid=198 uid=1019 gid=1019 ..
Change-Id: I8263e6f5e77917139b73c3e84b76f7f97fd98003
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Clang 3.8 warns against this now, and it is tripping up part of a test.
We suppress the warning, since we are trying to actually test that this
behavior is properly handled.
Change-Id: I8705900572e1a6704bbdc001fece3e2d16c7077c
This reverts commit ab5e583327.
And statically link llvm libraries on host to remove dependency
on 32-bit llvm shared library which is not included in the prebuilt.
Bug: 22229391
Change-Id: I8210687655ee1809fd820ab2a6ca5dfaf3f9096d
Static binaries don't get the signal handler installed (that's done by the
dynamic linker) so we don't need to worry about seeing SIGPIPE crashes from
old binaries.
Bug: http://b/20659371
Change-Id: I3b5566634fadd3e822262561188d29814bccd1fd
If the first read when dumping memory returns no data, skip ahead to
the next page boundary and try and read from there. This fixes a case
where the address at which to start dumping memory is unreadable, but
crosses back into readable memory.
Bug: 22234753
Change-Id: Ie28d5c027013577ca06f5396aba498366a3b6749
Use debug.debuggerd.wait_for_gdb being set to non-zero to
determine if debuggerd should stop and wait for someone to
attach gdb to the crashing process.
Bug: 22233908
Change-Id: Id55a1572b479a70d395b7270392ce6fb70dbfdca
We improved gdbclient to make the process simpler, but didn't update
debuggerd to match.
Bug: http://b/22233857
Change-Id: If4137943f567a9e566a3ac7f485c9b1eab2c68e9
The debuggerd code sometimes calls _LOG(..., logtype::ERROR, ...)
and sometimes ALOGE(). Standardize on ALOGE since the _LOG message
will wind up in the tombstone in weird places, but using ALOGE
will wind up in the logcat portion of the tombstone.
Bug: 21467089
Change-Id: Ie893f5e91d45b48ef3f5864c3a714e60ac848fb3
d34e407aeb removed support for
running with SELinux completely disabled. SELinux must either be
in permissive or enforcing mode now.
Remove unnecessary calls to is_selinux_enabled(). It always returns
true now.
Change-Id: Ife3156b74b13b2e590afe4accf716fc7776567e5
Previously, the map printing in tombstones for 64 bit devices uses
a variable length value. This means that the maps are not lined up.
The new format is to print the map as 00000000'00000000 in all ways.
Also fix a bug where the backtrace_map_t did not initialize all
parameters.
Add unit tests for all of the dump_all_maps function.
Bug: 20950813
(cherry picked from commit 862fe02919)
Change-Id: Ife5c48bddeb19006a98f9e87520474e97b97f6d9
Previously, the map printing in tombstones for 64 bit devices uses
a variable length value. This means that the maps are not lined up.
The new format is to print the map as 00000000'00000000 in all ways.
Also fix a bug where the backtrace_map_t did not initialize all
parameters.
Add unit tests for all of the dump_all_maps function.
Bug: 20950813
Change-Id: I30901c8a0251b00d85c4c01476b033ef8db84e32
- Add dumping memory around registers for x86/x86_64.
- Add unit tests for new dump_memory function.
- Cleanup all of the machine.cpp files.
- Increase the high address check for 32 bit, and decrease the high
address allowed for 64 bit slightly to match mips64.
Bug: 21206576
(cherry picked from commit e8bc77eb84)
Change-Id: I49ec237e30076a232f084da1072bf9aba15dc0cd
- Add dumping memory around registers for x86/x86_64.
- Add unit tests for new dump_memory function.
- Cleanup all of the machine.cpp files.
- Increase the high address check for 32 bit, and decrease the high
address allowed for 64 bit slightly to match mips64.
Bug: 21206576
Change-Id: I6f75141f3282db48b10f7c695a1cf2eb75a08351
Under some conditions, /proc/<pid>/maps might return nothing. If we
try and unwind in this case, we'll crash. Check this case and fail
the unwind.
Add checks that no other functions try and use map_ without
checking for nullptr.
Add logging when an unwind fails so it's clear what happened.
Bug: 21162746
Change-Id: I56ce51dda0cfc9db20475a441f118108196aa07c
(cherry picked from commit 30c942cf10)
Under some conditions, /proc/<pid>/maps might return nothing. If we
try and unwind in this case, we'll crash. Check this case and fail
the unwind.
Add checks that no other functions try and use map_ without
checking for nullptr.
Add logging when an unwind fails so it's clear what happened.
Bug: 21162746
Change-Id: I56ce51dda0cfc9db20475a441f118108196aa07c
This avoids the log daemon skipping some of the log output from
debuggerd.
Bug: 20846525
(cherry picked from commit b0412a5c2b)
Change-Id: Ifed48814d76c7e855645b6d5487d5e6e1fcafd9e
The new linker relocation packing support uses non-zero load bases,
so we better handle them properly.
Also print out the load base for a map if it's non-zero.
Bug: 20687795
(cherry picked from commit 329ed7dae4)
Change-Id: Ibc37d8c8bb032820dca4e7531184349ba6d402d2
The new linker relocation packing support uses non-zero load bases,
so we better handle them properly.
Also print out the load base for a map if it's non-zero.
Bug: 20687795
Change-Id: Iec2d1db2051e7b4a278c1dfa57d745128a7f2974
ELF said that padding is present, if necessary, to ensure 4-byte
alignment for the descriptor and next note entry, but such padding
is not included in namesz and descsz.
Change-Id: I7896783f3d9a787772d56c49905f52a493c9fba1
For every map that has a name, and if it's a mapped in shared library,
print the build id.
Refactor the way dump_all_maps logs data.
Refactor the way stack segments are dumped.
Bug: 19371018
Change-Id: Ic08d05a4b13f128925743936fb84d8059f7cb56f
Move away from using POSIX open(2) flags and introduce ANDROID_LOG_* flags to
replace them. Add security by preventing random mode flags from getting into
underlying POSIX calls. ANDROID_LOG_* flags overlap POSIX O_* flag definitions.
Change-Id: Ib32bb64c287e8bf150be62242e1ba46bb37839fc
Modifies the code so that if the unwind fails, the code still prints
as much data as possible.
Also, for sibling threads, skip printing the maps and memory/code
since it's not likely to be very relevant.
Fix a few cases where extra space is at the end of lines.
Fix an inverted if statement that was checking the wrong condition.
Bug: 18816322
Change-Id: Ic659e0c34489bf2c65c5a23e2b83e31653b927e4
The backtrace structure used to include a pointer to a backtrace_map_t
that represented the map data for a particular pc. This introduced a
race condition where the pointer could be discarded, but the backtrace
structure still contained a pointer to garbage memory. Now all of the map
information is right in the structure.
Bug: 19028453
Change-Id: If7088a73f3c6bf1f3bc8cdd2bb4b62e7cab831c0
The kernel finally has the pt_regs structure properly defined for mips,
so we don't need to define it ourselves.
Change-Id: Ifdf75ed827cd2390962e9b3a182bdbbf02fe0732
On 64 bit systems, calls to dump_backtrace_to_file or dump_tombstone
try and directly contact the correct debuggerd (32 bit vs 64 bit)
by reading the elf information for the executable.
Unfortunately, system_server makes a call to dump_backtrace_to_file
and it doesn't have permissions to read the executable data, so it
defaults to always contacting the 64 bit debuggerd.
This CL changes the code so that all dump requests go to the 64 bit
debuggerd, which reads the elf information and redirects requests for
32 bit processes to the 32 bit debuggerd.
Testing:
- Forced the watchdog code in system_server to dump stacks and
verified that all native stacks are dumped correctly.
- Verified that dumpstate and bugreport still properly dump the native
processes on a 64 bit and 32 bit system.
- Intentionally forced the 64 bit to 32 bit redirect to write only a
byte at a time and verified there are no errors, and no dropped data.
- Used debuggerd and debuggerd64 to dump 32 bit and 64 bit processes
seemlessly.
- Used debuggerd on a 32 bit system to dump native stacks.
Bug: https://code.google.com/p/android/issues/detail?id=97024
Change-Id: Ie01945153bdc1c4ded696c7334b61d58575314d1
- Fix a problem where a tid exits before the attach completes, and it
causes debuggerd to self terminate.
- Fix a problem where sibling tid dumps do not properly wait for the tid
to get signalled.
Bug: 17800180
Bug: 12567315
(cherry picked from commit 84ddb34a3a)
Change-Id: I45e33865614d4c96f4a89cf117398666b556d500
debuggerd allows uid-0 processes to dump tombstones or backtraces
of any process, and uid-system processes to dump backtraces of any
processes. Restrict these operations via SELinux based on the
client context, the target process context, and the action.
Depends on I8e120d319512ff207ed22ed87cde4e0432a13dda for the
corresponding policy definitions.
Change-Id: Ib317564e54e07cc21f259e75124b762ad17c6e16
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Christopher Ferris