Blame - private/crash_dump.te - android_system_sepolicy

blob: b2d3bd5a050849032c5e3381bd5925235196b7a5 [file] [log] [blame]

Alex Klyubin	f5446eb	2017-03-23 14:27:32 -0700	[diff] [blame]	1	typeattribute crash_dump coredomain;
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	2
Jeff Vander Stoep	1795d0b	2019-03-13 20:50:25 -0700	[diff] [blame]	3	# Crash dump does not need to access devices passed across exec().
Jeff Vander Stoep	60bb29f	2019-03-18 10:29:27 -0700	[diff] [blame]	4	dontaudit crash_dump { devpts dev_type }:chr_file { read write };
Jeff Vander Stoep	504a654	2019-02-15 10:29:38 -0800	[diff] [blame]	5
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	6	allow crash_dump {
				7	domain
Martijn Coenen	ac097ac	2018-08-17 09:35:42 +0200	[diff] [blame]	8	-apexd
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	9	-bpfloader
				10	-crash_dump
				11	-init
				12	-kernel
				13	-keystore
Mark Salyzyn	275ea12	2018-08-07 16:03:47 -0700	[diff] [blame]	14	-llkd
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	15	-logd
				16	-ueventd
				17	-vendor_init
				18	-vold
				19	}:process { ptrace signal sigchld sigstop sigkill };
Max Bires	f093916	2021-04-30 11:08:07 -0700	[diff] [blame]	20
Mark Salyzyn	275ea12	2018-08-07 16:03:47 -0700	[diff] [blame]	21	userdebug_or_eng(`
Max Bires	f093916	2021-04-30 11:08:07 -0700	[diff] [blame]	22	allow crash_dump {
				23	apexd
				24	keystore
				25	llkd
				26	logd
				27	vold
				28	}:process { ptrace signal sigchld sigstop sigkill };
Mark Salyzyn	275ea12	2018-08-07 16:03:47 -0700	[diff] [blame]	29	')
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	30
Ryan Savitski	941ba72	2023-02-02 14:24:45 +0000	[diff] [blame]	31	# Read ART APEX data directory
				32	allow crash_dump apex_art_data_file:dir { getattr search };
				33	allow crash_dump apex_art_data_file:file r_file_perms;
				34
Steven Moreland	91497cc	2023-12-06 01:42:29 +0000	[diff] [blame]	35	# Allow crash dump to read bootstrap libraries
				36	allow crash_dump system_bootstrap_lib_file:dir { getattr search };
				37	allow crash_dump system_bootstrap_lib_file:file r_file_perms;
				38
Jooyung Han	18a42af	2023-09-05 17:51:38 +0900	[diff] [blame]	39	# Read Vendor APEX directories
				40	allow crash_dump vendor_apex_metadata_file:dir { getattr search };
				41
Inseob Kim	75806ef	2024-03-27 17:18:41 +0900	[diff] [blame]	42	# crash_dump might inherit CAP_SYS_PTRACE from a privileged process,
				43	# which will result in an audit log even when it's allowed to trace.
				44	dontaudit crash_dump self:global_capability_class_set { sys_ptrace };
				45
				46	userdebug_or_eng(`
				47	allow crash_dump logd:process { ptrace signal sigchld sigstop sigkill };
				48
				49	# Let crash_dump write to /dev/kmsg_debug crashes that happen before logd comes up.
				50	allow crash_dump kmsg_debug_device:chr_file { open append };
				51	')
				52
				53	# Use inherited file descriptors
				54	allow crash_dump domain:fd use;
				55
				56	# Read/write IPC pipes inherited from crashing processes.
				57	allow crash_dump domain:fifo_file { read write };
				58
				59	# Append to pipes given to us by processes requesting dumps (e.g. dumpstate)
				60	allow crash_dump domain:fifo_file { append };
				61
				62	# Read information from /proc/$PID.
				63	allow crash_dump domain:process getattr;
				64
				65	r_dir_file(crash_dump, domain)
				66	allow crash_dump exec_type:file r_file_perms;
				67
				68	# Read /data/dalvik-cache.
				69	allow crash_dump dalvikcache_data_file:dir { search getattr };
				70	allow crash_dump dalvikcache_data_file:file r_file_perms;
				71
				72	# Read APEX data directories.
				73	allow crash_dump apex_module_data_file:dir { getattr search };
				74
				75	# Read uptime
				76	allow crash_dump proc_uptime:file r_file_perms;
				77
				78	# Read APK files.
				79	r_dir_file(crash_dump, apk_data_file);
				80
				81	# Read all /vendor
				82	r_dir_file(crash_dump, { vendor_file same_process_hal_file })
				83
				84	# Read all /data/local/tests
				85	r_dir_file(crash_dump, shell_test_data_file)
				86
				87	# Talk to tombstoned
				88	unix_socket_connect(crash_dump, tombstoned_crash, tombstoned)
				89
				90	# Talk to ActivityManager.
				91	unix_socket_connect(crash_dump, system_ndebug, system_server)
				92
				93	# Append to ANR files.
				94	allow crash_dump anr_data_file:file { append getattr };
				95
				96	# Append to tombstone files.
				97	allow crash_dump tombstone_data_file:file { append getattr };
				98
				99	# crash_dump writes out logcat logs at the bottom of tombstones,
				100	# which is super useful in some cases.
				101	unix_socket_connect(crash_dump, logdr, logd)
				102
				103	# Crash dump is not intended to access the following files. Since these
				104	# are WAI, suppress the denials to clean up the logs.
				105	dontaudit crash_dump {
				106	core_data_file_type
				107	vendor_file_type
				108	}:dir search;
Thiébaud Weksteen	b9cd999	2024-09-11 15:54:54 +1000	[diff] [blame^]	109	# Crash dump might try to read files that are mapped into the crashed process's
				110	# memory space to extract useful binary information such as the ELF header. See
				111	# system/core/debuggerd/libdebuggerd/tombstone_proto.cpp:dump_mappings.
				112	# Ignore these accesses.
				113	dontaudit crash_dump {
				114	app_data_file_type
				115	property_type
				116	system_data_file
				117	}:{ lnk_file file } { read open };
Inseob Kim	75806ef	2024-03-27 17:18:41 +0900	[diff] [blame]	118
Devin Moore	49a4a06	2024-05-04 00:50:52 +0000	[diff] [blame]	119	get_prop(crash_dump, misctrl_prop)
				120
Nick Kralevich	095fbea	2018-09-13 11:07:14 -0700	[diff] [blame]	121	###
				122	### neverallow assertions
				123	###
				124
Inseob Kim	75806ef	2024-03-27 17:18:41 +0900	[diff] [blame]	125	# A domain transition must occur for crash_dump to get the privileges needed to trace the process.
				126	# Do not allow the execution of crash_dump without a domain transition.
				127	neverallow domain crash_dump_exec:file execute_no_trans;
				128
Ryan Savitski	941ba72	2023-02-02 14:24:45 +0000	[diff] [blame]	129	# sigchld not explicitly forbidden since it's part of the
				130	# domain-transition-on-exec macros, and is by itself not sensitive
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	131	neverallow crash_dump {
Andreas Gampe	efece54	2019-03-05 08:36:36 -0800	[diff] [blame]	132	apexd
				133	userdebug_or_eng(`-apexd')
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	134	bpfloader
				135	init
				136	kernel
				137	keystore
Max Bires	f093916	2021-04-30 11:08:07 -0700	[diff] [blame]	138	userdebug_or_eng(`-keystore')
Mark Salyzyn	275ea12	2018-08-07 16:03:47 -0700	[diff] [blame]	139	llkd
				140	userdebug_or_eng(`-llkd')
Jeff Vander Stoep	08aa715	2018-06-13 22:10:37 -0700	[diff] [blame]	141	logd
				142	userdebug_or_eng(`-logd')
				143	ueventd
				144	vendor_init
				145	vold
Jeff Sharkey	d101896	2019-02-05 14:39:02 -0700	[diff] [blame]	146	userdebug_or_eng(`-vold')
Ryan Savitski	941ba72	2023-02-02 14:24:45 +0000	[diff] [blame]	147	}:process { ptrace signal sigstop sigkill };
Alan Stokes	b9cb73a	2018-09-03 17:27:54 +0100	[diff] [blame]	148
				149	neverallow crash_dump self:process ptrace;
Jeff Vander Stoep	504a654	2019-02-15 10:29:38 -0800	[diff] [blame]	150	neverallow crash_dump gpu_device:chr_file *;