Merge "crash_dump: supress denials for files in /proc"

commit: d64e4f4fd10b6ce73999c2411cddc96c6393e3ab [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Tue Mar 30 14:03:10 2021 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Mar 30 14:03:10 2021 +0000
tree: 20ed68ee162333b7382b848d4f22fd8cceed8f33
parent: 702b357796e8d84e837b864a3e997daa9cf370e9 [diff]
parent: bd247bc88a01423967e6ddac5a677c3823b94b5e [diff]
diff --git a/public/crash_dump.te b/public/crash_dump.te
index c512b45..a6f0a94 100644
--- a/public/crash_dump.te
+++ b/public/crash_dump.te

@@ -65,6 +65,10 @@
 dontaudit crash_dump system_data_file:{ lnk_file file } read;
 dontaudit crash_dump property_type:file read;
 
+# Suppress denials for files in /proc that are passed
+# across exec().
+dontaudit crash_dump proc_type:file rw_file_perms;
+
 ###
 ### neverallow assertions
 ###
commit	d64e4f4fd10b6ce73999c2411cddc96c6393e3ab	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Tue Mar 30 14:03:10 2021 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Tue Mar 30 14:03:10 2021 +0000
tree	20ed68ee162333b7382b848d4f22fd8cceed8f33
parent	702b357796e8d84e837b864a3e997daa9cf370e9 [diff]
parent	bd247bc88a01423967e6ddac5a677c3823b94b5e [diff]