Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / d115b8ed246a03e364933f0b906354041962a4ec / . / private / crash_dump.te
blob: 831ff04a70f181dd0d895c2d0d4eedac27f82c4f [file] [log] [blame]
Alex Klyubinf5446eb2017-03-23 14:27:32 -0700[diff] [blame]1typeattribute crash_dump coredomain;
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]2
3allow crash_dump {
4 domain
5 -bpfloader
6 -crash_dump
7 -init
8 -kernel
9 -keystore
Mark Salyzyn275ea122018-08-07 16:03:47 -0700[diff] [blame]10 -llkd
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]11 -logd
12 -ueventd
13 -vendor_init
14 -vold
15}:process { ptrace signal sigchld sigstop sigkill };
Mark Salyzyn275ea122018-08-07 16:03:47 -0700[diff] [blame]16userdebug_or_eng(`
17 allow crash_dump { llkd logd }:process { ptrace signal sigchld sigstop sigkill };
18')
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]19
Nick Kralevich095fbea2018-09-13 11:07:14 -0700[diff] [blame]20###
21### neverallow assertions
22###
23
24# ptrace neverallow assertions are spread throughout the other policy
25# files, so we avoid adding redundant assertions here
26
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]27neverallow crash_dump {
28 bpfloader
29 init
30 kernel
31 keystore
Mark Salyzyn275ea122018-08-07 16:03:47 -0700[diff] [blame]32 llkd
33 userdebug_or_eng(`-llkd')
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]34 logd
35 userdebug_or_eng(`-logd')
36 ueventd
37 vendor_init
38 vold
Nick Kralevich095fbea2018-09-13 11:07:14 -0700[diff] [blame]39}:process { signal sigstop sigkill };
Alan Stokesb9cb73a2018-09-03 17:27:54 +0100[diff] [blame]40
41neverallow crash_dump self:process ptrace;