From 877d1f6694bf2fbb78cc1722ed4555a8a555dd74 Mon Sep 17 00:00:00 2001
From: Florian Mayer <fmayer@google.com>
Date: Fri, 23 Feb 2024 12:54:27 -0800
Subject: [PATCH] Make tombstones 664.

They are still restricted by SELinux, and apps still cannot open them
because they don't have `open` SELinux permission.

Bug: 312740614
Change-Id: I83b7e6ed39f5af64f161af3b3e8e33af0d125b20
---
 debuggerd/tombstoned/tombstoned.cpp | 5 +++++
 rootdir/init.rc                     | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/debuggerd/tombstoned/tombstoned.cpp b/debuggerd/tombstoned/tombstoned.cpp
index cf7904f81..5a36a7460 100644
--- a/debuggerd/tombstoned/tombstoned.cpp
+++ b/debuggerd/tombstoned/tombstoned.cpp
@@ -156,6 +156,11 @@ class CrashQueue {
 
       result.temporary_path = std::move(tmp_filename);
     }
+    // We need to fchmodat after creating to avoid getting the umask applied.
+    std::string fd_path = StringPrintf("/proc/self/fd/%d", result.fd.get());
+    if (fchmodat(dir_fd_, fd_path.c_str(), 0664, 0) != 0) {
+      PLOG(ERROR) << "Failed to make tombstone world-readable";
+    }
 
     return std::move(result);
   }
diff --git a/rootdir/init.rc b/rootdir/init.rc
index f3b2d0379..3c367f969 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -709,7 +709,7 @@ on post-fs-data
 
     # Start tombstoned early to be able to store tombstones.
     mkdir /data/anr 0775 system system encryption=Require
-    mkdir /data/tombstones 0771 system system encryption=Require
+    mkdir /data/tombstones 0775 system system encryption=Require
     mkdir /data/vendor/tombstones 0771 root root
     mkdir /data/vendor/tombstones/wifi 0771 wifi wifi
     start tombstoned