Merge "ban hal_dumpstate_default from execute_no_trans" into main

commit: fa448be01fb3aae9e11a1a156eae16291fcbdad9 [log] [tgz]
author: Adam Shih <adamshih@google.com> Tue Oct 08 03:13:54 2024 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Tue Oct 08 03:13:54 2024 +0000
tree: b1be6541a1e743f889c781781d403394db75cbc2
parent: 8edb8909cfc0d884b8ef1f2d60695fbe319cac5c [diff]
parent: f24bfe8ca3703d0013735e67ddb942b05f893034 [diff]
diff --git a/gear/dumpstate/sepolicy/hal_dumpstate_default.te b/gear/dumpstate/sepolicy/hal_dumpstate_default.te
index 06ebb75..e0f0b09 100644
--- a/gear/dumpstate/sepolicy/hal_dumpstate_default.te
+++ b/gear/dumpstate/sepolicy/hal_dumpstate_default.te

@@ -5,3 +5,8 @@
 allow hal_dumpstate_default shell_data_file:file getattr;
 set_prop(hal_dumpstate_default, vendor_logger_prop)
 
+# All dumps that are executed via hal_dumpstate_default should use their
+# own domain to request their permissions to achieve compartmentalization.
+# go/pixel-bugreport has examples on how to do that.
+neverallow hal_dumpstate_default { vendor_file_type -vendor_toolbox_exec }:file execute_no_trans;
+
commit	fa448be01fb3aae9e11a1a156eae16291fcbdad9	[log] [tgz]
author	Adam Shih <adamshih@google.com>	Tue Oct 08 03:13:54 2024 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Tue Oct 08 03:13:54 2024 +0000
tree	b1be6541a1e743f889c781781d403394db75cbc2
parent	8edb8909cfc0d884b8ef1f2d60695fbe319cac5c [diff]
parent	f24bfe8ca3703d0013735e67ddb942b05f893034 [diff]