Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / ec651944a04551578080b8f49fb0286d9c16f891 / . / private / crash_dump.te
blob: bb13bff1c0b1913694d3564d2aa9a3be4ac52e5f [file] [log] [blame]
Alex Klyubinf5446eb2017-03-23 14:27:32 -0700[diff] [blame]1typeattribute crash_dump coredomain;
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]2
3allow crash_dump {
4 domain
Martijn Coenenac097ac2018-08-17 09:35:42 +0200[diff] [blame]5 -apexd
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]6 -bpfloader
7 -crash_dump
8 -init
9 -kernel
10 -keystore
Mark Salyzyn275ea122018-08-07 16:03:47 -0700[diff] [blame]11 -llkd
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]12 -logd
13 -ueventd
14 -vendor_init
15 -vold
16}:process { ptrace signal sigchld sigstop sigkill };
Mark Salyzyn275ea122018-08-07 16:03:47 -0700[diff] [blame]17userdebug_or_eng(`
Jeff Sharkeyd1018962019-02-05 14:39:02 -0700[diff] [blame]18 allow crash_dump { llkd logd vold }:process { ptrace signal sigchld sigstop sigkill };
Mark Salyzyn275ea122018-08-07 16:03:47 -0700[diff] [blame]19')
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]20
Nick Kralevich095fbea2018-09-13 11:07:14 -0700[diff] [blame]21###
22### neverallow assertions
23###
24
25# ptrace neverallow assertions are spread throughout the other policy
26# files, so we avoid adding redundant assertions here
27
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]28neverallow crash_dump {
29 bpfloader
30 init
31 kernel
32 keystore
Mark Salyzyn275ea122018-08-07 16:03:47 -0700[diff] [blame]33 llkd
34 userdebug_or_eng(`-llkd')
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]35 logd
36 userdebug_or_eng(`-logd')
37 ueventd
38 vendor_init
39 vold
Jeff Sharkeyd1018962019-02-05 14:39:02 -0700[diff] [blame]40 userdebug_or_eng(`-vold')
Nick Kralevich095fbea2018-09-13 11:07:14 -0700[diff] [blame]41}:process { signal sigstop sigkill };
Alan Stokesb9cb73a2018-09-03 17:27:54 +0100[diff] [blame]42
43neverallow crash_dump self:process ptrace;