crash_dump: disallow ptrace of TCB components Remove permissions and add neverallow assertion. (cherry picked from commit f1554f1588eab05eca7eb7ccba41d5955a563837) Bug: 110107376 Test: kill -6 <components excluded from ptrace> Change-Id: I2dc872f5c02749fbaf8ca6bc7e3e38404151442c

commit: 08aa715966eaf3dc1ed77a1522fb44b7a23d1b63 [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Wed Jun 13 22:10:37 2018 -0700
committer: Nick Kralevich <nnk@google.com> Tue Aug 28 08:28:25 2018 -0700
tree: e45ca1580ef7d92ededd4baf50ba72144688bbcc
parent: ed16534eb57921f2f2dc661ab11c0a6ff7155de8 [diff]
diff --git a/private/crash_dump.te b/private/crash_dump.te
index fb73f08..186977f 100644
--- a/private/crash_dump.te
+++ b/private/crash_dump.te

@@ -1 +1,26 @@
 typeattribute crash_dump coredomain;
+
+allow crash_dump {
+  domain
+  -bpfloader
+  -crash_dump
+  -init
+  -kernel
+  -keystore
+  -logd
+  -ueventd
+  -vendor_init
+  -vold
+}:process { ptrace signal sigchld sigstop sigkill };
+
+neverallow crash_dump {
+  bpfloader
+  init
+  kernel
+  keystore
+  logd
+  userdebug_or_eng(`-logd')
+  ueventd
+  vendor_init
+  vold
+}:process { ptrace signal sigstop sigkill };
commit	08aa715966eaf3dc1ed77a1522fb44b7a23d1b63	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Wed Jun 13 22:10:37 2018 -0700
committer	Nick Kralevich <nnk@google.com>	Tue Aug 28 08:28:25 2018 -0700
tree	e45ca1580ef7d92ededd4baf50ba72144688bbcc
parent	ed16534eb57921f2f2dc661ab11c0a6ff7155de8 [diff]