Blame - private/crash_dump.te - android_system_sepolicy

blob: 27baaff4c3f51a37de222e529143f29cf9124ced [file] [log] [blame]

Alex Klyubin	f5446eb	2017-03-23 14:27:32 -0700	[diff] [blame]	1	typeattribute crash_dump coredomain;
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	2
Jeff Vander Stoep	1795d0b	2019-03-13 20:50:25 -0700	[diff] [blame]	3	# Crash dump does not need to access devices passed across exec().
Jeff Vander Stoep	60bb29f	2019-03-18 10:29:27 -0700	[diff] [blame]	4	dontaudit crash_dump { devpts dev_type }:chr_file { read write };
Jeff Vander Stoep	504a654	2019-02-15 10:29:38 -0800	[diff] [blame]	5
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	6	allow crash_dump {
				7	domain
Martijn Coenen	ac097ac	2018-08-17 09:35:42 +0200	[diff] [blame]	8	-apexd
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	9	-bpfloader
				10	-crash_dump
				11	-init
				12	-kernel
				13	-keystore
Mark Salyzyn	275ea12	2018-08-07 16:03:47 -0700	[diff] [blame]	14	-llkd
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	15	-logd
				16	-ueventd
				17	-vendor_init
				18	-vold
				19	}:process { ptrace signal sigchld sigstop sigkill };
Max Bires	f093916	2021-04-30 11:08:07 -0700	[diff] [blame]	20
Mark Salyzyn	275ea12	2018-08-07 16:03:47 -0700	[diff] [blame]	21	userdebug_or_eng(`
Max Bires	f093916	2021-04-30 11:08:07 -0700	[diff] [blame]	22	allow crash_dump {
				23	apexd
				24	keystore
				25	llkd
				26	logd
				27	vold
				28	}:process { ptrace signal sigchld sigstop sigkill };
Mark Salyzyn	275ea12	2018-08-07 16:03:47 -0700	[diff] [blame]	29	')
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	30
Ryan Savitski	941ba72	2023-02-02 14:24:45 +0000	[diff] [blame]	31	# Read ART APEX data directory
				32	allow crash_dump apex_art_data_file:dir { getattr search };
				33	allow crash_dump apex_art_data_file:file r_file_perms;
				34
Steven Moreland	91497cc	2023-12-06 01:42:29 +0000	[diff] [blame^]	35	# Allow crash dump to read bootstrap libraries
				36	allow crash_dump system_bootstrap_lib_file:dir { getattr search };
				37	allow crash_dump system_bootstrap_lib_file:file r_file_perms;
				38
Jooyung Han	18a42af	2023-09-05 17:51:38 +0900	[diff] [blame]	39	# Read Vendor APEX directories
				40	allow crash_dump vendor_apex_metadata_file:dir { getattr search };
				41
Nick Kralevich	095fbea	2018-09-13 11:07:14 -0700	[diff] [blame]	42	###
				43	### neverallow assertions
				44	###
				45
Ryan Savitski	941ba72	2023-02-02 14:24:45 +0000	[diff] [blame]	46	# sigchld not explicitly forbidden since it's part of the
				47	# domain-transition-on-exec macros, and is by itself not sensitive
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	48	neverallow crash_dump {
Andreas Gampe	efece54	2019-03-05 08:36:36 -0800	[diff] [blame]	49	apexd
				50	userdebug_or_eng(`-apexd')
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	51	bpfloader
				52	init
				53	kernel
				54	keystore
Max Bires	f093916	2021-04-30 11:08:07 -0700	[diff] [blame]	55	userdebug_or_eng(`-keystore')
Mark Salyzyn	275ea12	2018-08-07 16:03:47 -0700	[diff] [blame]	56	llkd
				57	userdebug_or_eng(`-llkd')
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	58	logd
				59	userdebug_or_eng(`-logd')
				60	ueventd
				61	vendor_init
				62	vold
Jeff Sharkey	d101896	2019-02-05 14:39:02 -0700	[diff] [blame]	63	userdebug_or_eng(`-vold')
Ryan Savitski	941ba72	2023-02-02 14:24:45 +0000	[diff] [blame]	64	}:process { ptrace signal sigstop sigkill };
Alan Stokes	b9cb73a	2018-09-03 17:27:54 +0100	[diff] [blame]	65
				66	neverallow crash_dump self:process ptrace;
Jeff Vander Stoep	504a654	2019-02-15 10:29:38 -0800	[diff] [blame]	67	neverallow crash_dump gpu_device:chr_file *;