Blame - private/crash_dump.te - android_system_sepolicy

blob: 6cc182863e2069f46c5ebcac1b63f5290d0cfdb4 [file] [log] [blame]

Alex Klyubin	f5446eb	2017-03-23 14:27:32 -0700	[diff] [blame]	1	typeattribute crash_dump coredomain;
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	2
Jeff Vander Stoep	1795d0b	2019-03-13 20:50:25 -0700	[diff] [blame]	3	# Crash dump does not need to access devices passed across exec().
Jeff Vander Stoep	60bb29f	2019-03-18 10:29:27 -0700	[diff] [blame]	4	dontaudit crash_dump { devpts dev_type }:chr_file { read write };
Jeff Vander Stoep	504a654	2019-02-15 10:29:38 -0800	[diff] [blame]	5
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	6	allow crash_dump {
				7	domain
Martijn Coenen	ac097ac	2018-08-17 09:35:42 +0200	[diff] [blame]	8	-apexd
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	9	-bpfloader
				10	-crash_dump
				11	-init
				12	-kernel
				13	-keystore
Mark Salyzyn	275ea12	2018-08-07 16:03:47 -0700	[diff] [blame]	14	-llkd
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	15	-logd
				16	-ueventd
				17	-vendor_init
				18	-vold
				19	}:process { ptrace signal sigchld sigstop sigkill };
Max Bires	f093916	2021-04-30 11:08:07 -0700	[diff] [blame]	20
Mark Salyzyn	275ea12	2018-08-07 16:03:47 -0700	[diff] [blame]	21	userdebug_or_eng(`
Max Bires	f093916	2021-04-30 11:08:07 -0700	[diff] [blame]	22	allow crash_dump {
				23	apexd
				24	keystore
				25	llkd
				26	logd
				27	vold
				28	}:process { ptrace signal sigchld sigstop sigkill };
Mark Salyzyn	275ea12	2018-08-07 16:03:47 -0700	[diff] [blame]	29	')
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	30
Ryan Savitski	941ba72	2023-02-02 14:24:45 +0000	[diff] [blame]	31	# Read ART APEX data directory
				32	allow crash_dump apex_art_data_file:dir { getattr search };
				33	allow crash_dump apex_art_data_file:file r_file_perms;
				34
Jooyung Han	18a42af	2023-09-05 17:51:38 +0900	[diff] [blame^]	35	# Read Vendor APEX directories
				36	allow crash_dump vendor_apex_metadata_file:dir { getattr search };
				37
Nick Kralevich	095fbea	2018-09-13 11:07:14 -0700	[diff] [blame]	38	###
				39	### neverallow assertions
				40	###
				41
Ryan Savitski	941ba72	2023-02-02 14:24:45 +0000	[diff] [blame]	42	# sigchld not explicitly forbidden since it's part of the
				43	# domain-transition-on-exec macros, and is by itself not sensitive
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	44	neverallow crash_dump {
Andreas Gampe	efece54	2019-03-05 08:36:36 -0800	[diff] [blame]	45	apexd
				46	userdebug_or_eng(`-apexd')
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	47	bpfloader
				48	init
				49	kernel
				50	keystore
Max Bires	f093916	2021-04-30 11:08:07 -0700	[diff] [blame]	51	userdebug_or_eng(`-keystore')
Mark Salyzyn	275ea12	2018-08-07 16:03:47 -0700	[diff] [blame]	52	llkd
				53	userdebug_or_eng(`-llkd')
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	54	logd
				55	userdebug_or_eng(`-logd')
				56	ueventd
				57	vendor_init
				58	vold
Jeff Sharkey	d101896	2019-02-05 14:39:02 -0700	[diff] [blame]	59	userdebug_or_eng(`-vold')
Ryan Savitski	941ba72	2023-02-02 14:24:45 +0000	[diff] [blame]	60	}:process { ptrace signal sigstop sigkill };
Alan Stokes	b9cb73a	2018-09-03 17:27:54 +0100	[diff] [blame]	61
				62	neverallow crash_dump self:process ptrace;
Jeff Vander Stoep	504a654	2019-02-15 10:29:38 -0800	[diff] [blame]	63	neverallow crash_dump gpu_device:chr_file *;