Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 3fbd303d1c51381db9b5c0bac5f08d72053b5a96 / . / private / crash_dump.te
blob: fd2e4b6c0a9f3e827de8d80721b6fa27a4555edb [file] [log] [blame]
Alex Klyubinf5446eb2017-03-23 14:27:32 -0700[diff] [blame]1typeattribute crash_dump coredomain;
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]2
Jeff Vander Stoep504a6542019-02-15 10:29:38 -0800[diff] [blame]3# Crash dump does not need to access the GPU.
4dontaudit crash_dump gpu_device:chr_file *;
5
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]6allow crash_dump {
7 domain
Martijn Coenenac097ac2018-08-17 09:35:42 +0200[diff] [blame]8 -apexd
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]9 -bpfloader
10 -crash_dump
11 -init
12 -kernel
13 -keystore
Mark Salyzyn275ea122018-08-07 16:03:47 -0700[diff] [blame]14 -llkd
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]15 -logd
16 -ueventd
17 -vendor_init
18 -vold
19}:process { ptrace signal sigchld sigstop sigkill };
Mark Salyzyn275ea122018-08-07 16:03:47 -0700[diff] [blame]20userdebug_or_eng(`
Jeff Sharkeyd1018962019-02-05 14:39:02 -0700[diff] [blame]21 allow crash_dump { llkd logd vold }:process { ptrace signal sigchld sigstop sigkill };
Mark Salyzyn275ea122018-08-07 16:03:47 -0700[diff] [blame]22')
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]23
Nick Kralevich095fbea2018-09-13 11:07:14 -0700[diff] [blame]24###
25### neverallow assertions
26###
27
28# ptrace neverallow assertions are spread throughout the other policy
29# files, so we avoid adding redundant assertions here
30
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]31neverallow crash_dump {
32 bpfloader
33 init
34 kernel
35 keystore
Mark Salyzyn275ea122018-08-07 16:03:47 -0700[diff] [blame]36 llkd
37 userdebug_or_eng(`-llkd')
Jeff Vander Stoep08aa7152018-06-13 22:10:37 -0700[diff] [blame]38 logd
39 userdebug_or_eng(`-logd')
40 ueventd
41 vendor_init
42 vold
Jeff Sharkeyd1018962019-02-05 14:39:02 -0700[diff] [blame]43 userdebug_or_eng(`-vold')
Nick Kralevich095fbea2018-09-13 11:07:14 -0700[diff] [blame]44}:process { signal sigstop sigkill };
Alan Stokesb9cb73a2018-09-03 17:27:54 +0100[diff] [blame]45
46neverallow crash_dump self:process ptrace;
Jeff Vander Stoep504a6542019-02-15 10:29:38 -0800[diff] [blame]47neverallow crash_dump gpu_device:chr_file *;