dumpstate: assert no process ptrace
dumpstate holds CAP_SYS_PTRACE solely so it can read sensitive
/proc/PID files, not so it can attach to other processes with ptrace.
Add a neverallow assertion to enforce that this remains the case.
Test: policy compiles.
Change-Id: I975308fae3f8e9a039b9efdc0e9605192b405ce7
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 2ba0e58..ac81ccc 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -195,6 +195,10 @@
### neverallow rules
###
+# dumpstate has capability sys_ptrace, but should only use that capability for
+# accessing sensitive /proc/PID files, never for using ptrace attach.
+neverallow dumpstate *:process ptrace;
+
# only system_server, dumpstate and shell can find the dumpstate service
neverallow { domain -system_server -shell -dumpstate } dumpstate_service:service_manager find;