Strengthen ptrace neverallow rules
Add additional compile time constraints on the ability to ptrace various
sensitive domains.

llkd: remove some domains which llkd should never ptrace, even on
debuggable builds, such as kernel threads and init.

crash_dump neverallows: Remove the ptrace neverallow checks because
they duplicate other neverallow assertions spread throughout the policy.
Test: policy compiles and device boots
Change-Id: Ia4240d1ce7143b983bb048e046bb4729d0af5a6e
diff --git a/private/crash_dump.te b/private/crash_dump.te
index aabff29..831ff04 100644
--- a/private/crash_dump.te
+++ b/private/crash_dump.te
@@ -17,6 +17,13 @@
allow crash_dump { llkd logd }:process { ptrace signal sigchld sigstop sigkill };
')
+###
+### neverallow assertions
+###
+
+# ptrace neverallow assertions are spread throughout the other policy
+# files, so we avoid adding redundant assertions here
+
neverallow crash_dump {
bpfloader
init
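Review bot: the new comment ("ptrace neverallow assertions are spread throughout the other policy files") gives a future reader no way to verify that every domain listed in this block is still covered once `ptrace` is dropped from it; name the file(s) or the specific neverallow rule(s) that now carry the ptrace restriction for these domains, e.g. "# see the ptrace neverallow rules in <file>.te", so the coverage claim can be checked when the list above is edited.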
@@ -29,6 +36,6 @@
ueventd
vendor_init
vold
-}:process { ptrace signal sigstop sigkill };
+}:process { signal sigstop sigkill };
neverallow crash_dump self:process ptrace;
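Review bot: removing `ptrace` from `}:process { ptrace signal sigstop sigkill };` is a weakening of this assertion that a successful compile cannot catch, since a neverallow only fires when a conflicting allow exists; "Test: policy compiles and device boots" therefore does not demonstrate that the other rules still forbid crash_dump from ptracing init, vold, ueventd, vendor_init and the rest of this list. Suggest stating in the test line how coverage was confirmed (for example, that temporarily adding `allow crash_dump init:process ptrace;` still fails the build against the remaining assertions), and note that `neverallow crash_dump self:process ptrace;` is correctly retained since nothing else in the diff covers the self case.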