============
``livedump_pid()`` API method was created for use by system services and system
-applications, and therefore requires a special privilege
+applications.
+
+Applications wanting to use the API must have a special privilege
``http://tizen.com/privilege/internal/livecoredump`` which can only be granted
manually by::
installer. In this case, the privilege should be granded externally, after the
TPK is installed.
+System services wanting to use the API must provide appriate dbus configuration
+that will allow such usage, eg.
+
+ <policy user="stability_monitor">
+ <allow send_destination="org.tizen.system.crash.livedump"
+ send_interface="org.tizen.system.crash.livedump"
+ send_member="livedump_pid"/>
+ </policy>
+
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
- <policy user="root">
- <allow send_destination="org.tizen.system.crash.livedump"
- send_interface="org.tizen.system.crash.livedump"
- send_member="livedump_pid"/>
- </policy>
<policy user="crash_worker">
<allow own="org.tizen.system.crash.livedump"/>
<allow own="org.tizen.system.diagnostics"/>
</policy>
- <policy group="priv_livecoredump">
- <!-- Following section is for services wanting to use livedump api.
- Thoretically, the <policy group=..> should be enough to support
- both service and application case. However, this does not work
- in practice due to dbus-daemon getting group membership from
- static source (via getgrouplist), while in Tizen it's dynamic,
- assigned to application by security-manager. Dbus-daemon would
- need to use SO_PEERGROUP socket option for this to work, but it's
- supported only in kernels >= 4.13. -->
+
+ <!-- Each system service wanting to use livedump api must have explicit access rule,
+ like the ones below -->
+ <policy user="stability_monitor">
+ <allow send_destination="org.tizen.system.crash.livedump"
+ send_interface="org.tizen.system.crash.livedump"
+ send_member="livedump_pid"/>
+ </policy>
+ <policy user="root">
<allow send_destination="org.tizen.system.crash.livedump"
send_interface="org.tizen.system.crash.livedump"
send_member="livedump_pid"/>
</policy>
+
<policy context="default">
<deny own="org.tizen.system.crash.livedump"/>
<deny send_destination="org.tizen.system.crash.livedump"/>