Merge "dumpstate: assert no process ptrace"
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 2ba0e58..ac81ccc 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -195,6 +195,10 @@
### neverallow rules
###
+# dumpstate has capability sys_ptrace, but should only use that capability for
+# accessing sensitive /proc/PID files, never for using ptrace attach.
+neverallow dumpstate *:process ptrace;
+
# only system_server, dumpstate and shell can find the dumpstate service
neverallow { domain -system_server -shell -dumpstate } dumpstate_service:service_manager find;
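Review bot: The comment above the new `neverallow dumpstate *:process ptrace;` line says what the capability is for but not why the assertion leaves those /proc/PID reads working, so a later maintainer may take the rule for the cause of an unrelated denial. As far as I know, read-mode ptrace access checks are mediated by a file read check against the target's context rather than by `process ptrace`; if that holds for the kernels this policy targets, add a line such as `# /proc/PID reads use a read-mode access check, which is not mediated by process:ptrace.` It would also help to state the scope: the rule is a build-time assertion on the dumpstate domain only, and any helper that dumpstate runs under a domain transition (none is visible in this hunk) is governed by its own domain's rules.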