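# SELinux policy for the dumpstate domain, which collects bugreports.
# Each grant below widens what the dumpstate process may touch, so rules
# should stay as narrow as the data being collected requires.

# Associate the dumpstate type with the coredomain attribute.
typeattribute dumpstate coredomain;

# Enter the dumpstate domain when init starts the daemon.
init_daemon_domain(dumpstate)

# Execute and transition to the vdc domain
domain_auto_trans(dumpstate, vdc_exec, vdc)

# Acquire advisory lock on /system/etc/xtables.lock from ip[6]tables
allow dumpstate system_file:file lock;

# Read and execute the storaged binary. No domain transition is declared for
# it in this file, so it presumably runs inside the dumpstate domain; confirm
# against the storaged policy.
allow dumpstate storaged_exec:file rx_file_perms;

# /data/misc/wmtrace for wm traces
# Read-only, and compiled in for userdebug and eng builds only; user builds
# get no access to these traces.
userdebug_or_eng(`
allow dumpstate wm_trace_data_file:dir r_dir_perms;
allow dumpstate wm_trace_data_file:file r_file_perms;
')

# Allow dumpstate to make binder calls to incidentd
binder_call(dumpstate, incidentd)

# Allow dumpstate to make binder calls to storaged service
binder_call(dumpstate, storaged)

# Allow dumpstate to make binder calls to statsd
binder_call(dumpstate, statsd)

# Allow dumpstate to talk to gpuservice over binder
binder_call(dumpstate, gpuservice)

# Allow dumpstate to talk to idmap over binder
binder_call(dumpstate, idmap)

# Collect metrics on boot time created by init
get_prop(dumpstate, boottime_prop)

# Signal native processes to dump their stack.
# Only the signal permission is granted, and only for the listed domains.
allow dumpstate {
  statsd
  netd
}:process signal;

# For collecting bugreports.
# wakeup sources and /proc/net tcp/udp entries are read-only; block devices
# are limited to getattr, so device contents are not readable through this
# rule.
allow dumpstate debugfs_wakeup_sources:file r_file_perms;
allow dumpstate dev_type:blk_file getattr;
allow dumpstate webview_zygote:process signal;
# dontaudit grants nothing: these binder calls are still denied, and only the
# audit log entry is suppressed. Remember this when a denial seems to be
# missing from the logs.
dontaudit dumpstate perfprofd:binder call;
dontaudit dumpstate update_engine:binder call;
allow dumpstate proc_net_tcp_udp:file r_file_perms;

# For communicating with the system process to do confirmation UI.
binder_call(dumpstate, incidentcompanion_service)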