platform_system_sepolicy/microdroid/system/private/crash_dump.te

67 lines
1.9 KiB
Text
Raw Normal View History

# crash_dump might inherit CAP_SYS_PTRACE from a privileged process,
# which will result in an audit log even when it's allowed to trace.
dontaudit crash_dump self:global_capability_class_set { sys_ptrace };
allow crash_dump kmsg_debug_device:chr_file { open append };
# Use inherited file descriptors
allow crash_dump domain:fd use;
# Read/write IPC pipes inherited from crashing processes.
allow crash_dump domain:fifo_file { read write };
# Append to pipes given to us by processes requesting dumps (e.g. dumpstate)
allow crash_dump domain:fifo_file { append };
# Read information from /proc/$PID.
allow crash_dump domain:process getattr;
r_dir_file(crash_dump, domain)
allow crash_dump exec_type:file r_file_perms;
# Read all /vendor
r_dir_file(crash_dump, vendor_file)
# Talk to tombstoned
unix_socket_connect(crash_dump, tombstoned_crash, tombstoned)
# Append to tombstone files.
allow crash_dump tombstone_data_file:file { append getattr };
# Crash dump is not intended to access the following files. Since these
# are WAI, suppress the denials to clean up the logs.
dontaudit crash_dump {
core_data_file_type
vendor_file_type
}:dir search;
dontaudit crash_dump system_data_file:{ lnk_file file } read;
dontaudit crash_dump property_type:file read;
# Suppress denials for files in /proc that are passed
# across exec().
dontaudit crash_dump proc_type:file rw_file_perms;
typeattribute crash_dump coredomain;
# Crash dump does not need to access devices passed across exec().
dontaudit crash_dump { devpts dev_type }:chr_file { read write };
allow crash_dump {
domain
-apexd
-crash_dump
-init
-kernel
-no_crash_dump_domain
-ueventd
-vendor_init
}:process { ptrace signal sigchld sigstop sigkill };
userdebug_or_eng(`
allow crash_dump {
apexd
}:process { ptrace signal sigchld sigstop sigkill };
')
neverallow crash_dump no_crash_dump_domain:process ptrace;