Merge "Block crash_dump from no_crash_dump_domain"

commit: a4e2f0ce01c405eefa72481bad7032cf064242d0 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Fri Feb 25 08:53:36 2022 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Feb 25 08:53:36 2022 +0000
tree: 2de40a215c45c007a2a966a0bade6cff6c07193c
parent: 6872b1db6904f76db4eb4c36525fdf2230aae6ba [diff]
parent: ff648192d90726353c5a037c97a87511076726fa [diff]
diff --git a/microdroid/system/private/crash_dump.te b/microdroid/system/private/crash_dump.te
index a636e9c..61dfa0b 100644
--- a/microdroid/system/private/crash_dump.te
+++ b/microdroid/system/private/crash_dump.te

@@ -57,6 +57,7 @@
   -init
   -kernel
   -logd
+  -no_crash_dump_domain
   -ueventd
   -vendor_init
 }:process { ptrace signal sigchld sigstop sigkill };
@@ -67,3 +68,5 @@
     logd
   }:process { ptrace signal sigchld sigstop sigkill };
 ')
+
+neverallow crash_dump no_crash_dump_domain:process ptrace;
commit	a4e2f0ce01c405eefa72481bad7032cf064242d0	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Fri Feb 25 08:53:36 2022 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Fri Feb 25 08:53:36 2022 +0000
tree	2de40a215c45c007a2a966a0bade6cff6c07193c
parent	6872b1db6904f76db4eb4c36525fdf2230aae6ba [diff]
parent	ff648192d90726353c5a037c97a87511076726fa [diff]