Blame - private/crash_dump.te - android_system_sepolicy

blob: 4bd1d38218947d93bca0a90d6166fb2b27ea5216 [file] [log] [blame]

Alex Klyubin	f5446eb	2017-03-23 14:27:32 -0700	[diff] [blame]	1	typeattribute crash_dump coredomain;
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	2
Jeff Vander Stoep	1795d0b	2019-03-13 20:50:25 -0700	[diff] [blame]	3	# Crash dump does not need to access devices passed across exec().
Jeff Vander Stoep	60bb29f	2019-03-18 10:29:27 -0700	[diff] [blame]	4	dontaudit crash_dump { devpts dev_type }:chr_file { read write };
Jeff Vander Stoep	504a654	2019-02-15 10:29:38 -0800	[diff] [blame]	5
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	6	allow crash_dump {
				7	domain
Martijn Coenen	ac097ac	2018-08-17 09:35:42 +0200	[diff] [blame]	8	-apexd
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	9	-bpfloader
				10	-crash_dump
				11	-init
				12	-kernel
				13	-keystore
Mark Salyzyn	275ea12	2018-08-07 16:03:47 -0700	[diff] [blame]	14	-llkd
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	15	-logd
				16	-ueventd
				17	-vendor_init
				18	-vold
				19	}:process { ptrace signal sigchld sigstop sigkill };
Max Bires	f093916	2021-04-30 11:08:07 -0700	[diff] [blame]	20
Mark Salyzyn	275ea12	2018-08-07 16:03:47 -0700	[diff] [blame]	21	userdebug_or_eng(`
Max Bires	ef43855	2024-10-16 12:57:48 +0000	[diff] [blame]	22	allow crash_dump { apexd llkd logd vold }:process { ptrace signal sigchld sigstop sigkill };
Mark Salyzyn	275ea12	2018-08-07 16:03:47 -0700	[diff] [blame]	23	')
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	24
Ryan Savitski	941ba72	2023-02-02 14:24:45 +0000	[diff] [blame]	25	# Read ART APEX data directory
				26	allow crash_dump apex_art_data_file:dir { getattr search };
				27	allow crash_dump apex_art_data_file:file r_file_perms;
				28
Steven Moreland	91497cc	2023-12-06 01:42:29 +0000	[diff] [blame]	29	# Allow crash dump to read bootstrap libraries
				30	allow crash_dump system_bootstrap_lib_file:dir { getattr search };
				31	allow crash_dump system_bootstrap_lib_file:file r_file_perms;
				32
Jooyung Han	18a42af	2023-09-05 17:51:38 +0900	[diff] [blame]	33	# Read Vendor APEX directories
				34	allow crash_dump vendor_apex_metadata_file:dir { getattr search };
				35
Inseob Kim	75806ef	2024-03-27 17:18:41 +0900	[diff] [blame]	36	# crash_dump might inherit CAP_SYS_PTRACE from a privileged process,
				37	# which will result in an audit log even when it's allowed to trace.
				38	dontaudit crash_dump self:global_capability_class_set { sys_ptrace };
				39
				40	userdebug_or_eng(`
				41	allow crash_dump logd:process { ptrace signal sigchld sigstop sigkill };
				42
				43	# Let crash_dump write to /dev/kmsg_debug crashes that happen before logd comes up.
				44	allow crash_dump kmsg_debug_device:chr_file { open append };
				45	')
				46
				47	# Use inherited file descriptors
				48	allow crash_dump domain:fd use;
				49
				50	# Read/write IPC pipes inherited from crashing processes.
				51	allow crash_dump domain:fifo_file { read write };
				52
				53	# Append to pipes given to us by processes requesting dumps (e.g. dumpstate)
				54	allow crash_dump domain:fifo_file { append };
				55
				56	# Read information from /proc/$PID.
				57	allow crash_dump domain:process getattr;
				58
				59	r_dir_file(crash_dump, domain)
				60	allow crash_dump exec_type:file r_file_perms;
				61
				62	# Read /data/dalvik-cache.
				63	allow crash_dump dalvikcache_data_file:dir { search getattr };
				64	allow crash_dump dalvikcache_data_file:file r_file_perms;
				65
				66	# Read APEX data directories.
				67	allow crash_dump apex_module_data_file:dir { getattr search };
				68
				69	# Read uptime
				70	allow crash_dump proc_uptime:file r_file_perms;
				71
				72	# Read APK files.
				73	r_dir_file(crash_dump, apk_data_file);
				74
				75	# Read all /vendor
				76	r_dir_file(crash_dump, { vendor_file same_process_hal_file })
				77
				78	# Read all /data/local/tests
				79	r_dir_file(crash_dump, shell_test_data_file)
				80
				81	# Talk to tombstoned
				82	unix_socket_connect(crash_dump, tombstoned_crash, tombstoned)
				83
				84	# Talk to ActivityManager.
				85	unix_socket_connect(crash_dump, system_ndebug, system_server)
				86
				87	# Append to ANR files.
				88	allow crash_dump anr_data_file:file { append getattr };
				89
				90	# Append to tombstone files.
				91	allow crash_dump tombstone_data_file:file { append getattr };
				92
				93	# crash_dump writes out logcat logs at the bottom of tombstones,
				94	# which is super useful in some cases.
				95	unix_socket_connect(crash_dump, logdr, logd)
				96
				97	# Crash dump is not intended to access the following files. Since these
				98	# are WAI, suppress the denials to clean up the logs.
				99	dontaudit crash_dump {
				100	core_data_file_type
				101	vendor_file_type
				102	}:dir search;
Thiébaud Weksteen	b9cd999	2024-09-11 15:54:54 +1000	[diff] [blame]	103	# Crash dump might try to read files that are mapped into the crashed process's
				104	# memory space to extract useful binary information such as the ELF header. See
				105	# system/core/debuggerd/libdebuggerd/tombstone_proto.cpp:dump_mappings.
				106	# Ignore these accesses.
				107	dontaudit crash_dump {
				108	app_data_file_type
				109	property_type
				110	system_data_file
				111	}:{ lnk_file file } { read open };
Inseob Kim	75806ef	2024-03-27 17:18:41 +0900	[diff] [blame]	112
Devin Moore	49a4a06	2024-05-04 00:50:52 +0000	[diff] [blame]	113	get_prop(crash_dump, misctrl_prop)
				114
Nick Kralevich	095fbea	2018-09-13 11:07:14 -0700	[diff] [blame]	115	###
				116	### neverallow assertions
				117	###
				118
Inseob Kim	75806ef	2024-03-27 17:18:41 +0900	[diff] [blame]	119	# A domain transition must occur for crash_dump to get the privileges needed to trace the process.
				120	# Do not allow the execution of crash_dump without a domain transition.
Paul Lawrence	840b607	2025-01-28 07:41:05 -0800	[diff] [blame^]	121	neverallow {
				122	domain
				123	userdebug_or_eng(`-overlay_remounter')
				124	} crash_dump_exec:file execute_no_trans;
Inseob Kim	75806ef	2024-03-27 17:18:41 +0900	[diff] [blame]	125
Ryan Savitski	941ba72	2023-02-02 14:24:45 +0000	[diff] [blame]	126	# sigchld not explicitly forbidden since it's part of the
				127	# domain-transition-on-exec macros, and is by itself not sensitive
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	128	neverallow crash_dump {
Andreas Gampe	efece54	2019-03-05 08:36:36 -0800	[diff] [blame]	129	apexd
				130	userdebug_or_eng(`-apexd')
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	131	bpfloader
				132	init
				133	kernel
				134	keystore
Mark Salyzyn	275ea12	2018-08-07 16:03:47 -0700	[diff] [blame]	135	llkd
				136	userdebug_or_eng(`-llkd')
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	137	logd
				138	userdebug_or_eng(`-logd')
				139	ueventd
				140	vendor_init
				141	vold
Jeff Sharkey	d101896	2019-02-05 14:39:02 -0700	[diff] [blame]	142	userdebug_or_eng(`-vold')
Ryan Savitski	941ba72	2023-02-02 14:24:45 +0000	[diff] [blame]	143	}:process { ptrace signal sigstop sigkill };
Alan Stokes	b9cb73a	2018-09-03 17:27:54 +0100	[diff] [blame]	144
				145	neverallow crash_dump self:process ptrace;
Jeff Vander Stoep	504a654	2019-02-15 10:29:38 -0800	[diff] [blame]	146	neverallow crash_dump gpu_device:chr_file *;