Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 60bb29fcdfa2ea7d98bacfaee948a787497df608 / . / private / crash_dump.te
blob: f130327da4319845697f0c883e6cddb00e459317 [file] [log] [blame]
Alex Klyubinf5446eb2017-03-23 14:27:32 -0700[diff] [blame]1typeattribute crash_dump coredomain;
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]2
Jeff Vander Stoep1795d0b2019-03-13 20:50:25 -0700[diff] [blame]3# Crash dump does not need to access devices passed across exec().
Jeff Vander Stoep60bb29f2019-03-18 10:29:27 -0700[diff] [blame^]4dontaudit crash_dump { devpts dev_type }:chr_file { read write };
Jeff Vander Stoep504a6542019-02-15 10:29:38 -0800[diff] [blame]5
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]6allow crash_dump {
7 domain
Martijn Coenenac097ac2018-08-17 09:35:42 +0200[diff] [blame]8 -apexd
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]9 -bpfloader
10 -crash_dump
11 -init
12 -kernel
13 -keystore
Mark Salyzyn275ea122018-08-07 16:03:47 -0700[diff] [blame]14 -llkd
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]15 -logd
16 -ueventd
17 -vendor_init
18 -vold
19}:process { ptrace signal sigchld sigstop sigkill };
Mark Salyzyn275ea122018-08-07 16:03:47 -0700[diff] [blame]20userdebug_or_eng(`
Andreas Gampeefece542019-03-05 08:36:36 -0800[diff] [blame]21 allow crash_dump { apexd llkd logd vold }:process { ptrace signal sigchld sigstop sigkill };
Mark Salyzyn275ea122018-08-07 16:03:47 -0700[diff] [blame]22')
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]23
Nick Kralevich095fbea2018-09-13 11:07:14 -0700[diff] [blame]24###
25### neverallow assertions
26###
27
28# ptrace neverallow assertions are spread throughout the other policy
29# files, so we avoid adding redundant assertions here
30
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]31neverallow crash_dump {
Andreas Gampeefece542019-03-05 08:36:36 -0800[diff] [blame]32 apexd
33 userdebug_or_eng(`-apexd')
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]34 bpfloader
35 init
36 kernel
37 keystore
Mark Salyzyn275ea122018-08-07 16:03:47 -0700[diff] [blame]38 llkd
39 userdebug_or_eng(`-llkd')
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]40 logd
41 userdebug_or_eng(`-logd')
42 ueventd
43 vendor_init
44 vold
Jeff Sharkeyd1018962019-02-05 14:39:02 -0700[diff] [blame]45 userdebug_or_eng(`-vold')
Nick Kralevich095fbea2018-09-13 11:07:14 -0700[diff] [blame]46}:process { signal sigstop sigkill };
Alan Stokesb9cb73a2018-09-03 17:27:54 +0100[diff] [blame]47
48neverallow crash_dump self:process ptrace;
Jeff Vander Stoep504a6542019-02-15 10:29:38 -0800[diff] [blame]49neverallow crash_dump gpu_device:chr_file *;