tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Allowing userdebug/eng builds crash dump access to ks" am: bdc4f744da am: a4b0853bbc

Browse source 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1692507

Change-Id: I63bce6966acccf31ec291c5bc5040f7eb6735da2
This commit is contained in:
Shawn Willden 2021-04-30 23:02:35 +00:00 committed by Automerger Merge Worker
commit 0ceabfe4b2
2 changed files with 12 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
private/crash_dump.te
View file

@ -17,8 +17,16 @@ allow crash_dump {
-vendor_init
-vold
}:process { ptrace signal sigchld sigstop sigkill };
# TODO(b/186868271): Remove the keystore exception soon-ish (maybe by May 14, 2021?)
userdebug_or_eng(`
allow crash_dump { apexd llkd logd vold }:process { ptrace signal sigchld sigstop sigkill };
allow crash_dump {
apexd
keystore
llkd
logd
vold
}:process { ptrace signal sigchld sigstop sigkill };
')
###
@ -35,6 +43,7 @@ neverallow crash_dump {
init
kernel
keystore
userdebug_or_eng(`-keystore')
llkd
userdebug_or_eng(`-llkd')
logd

3
public/keystore.te
View file

@ -40,4 +40,5 @@ neverallow { domain -keystore } keystore_data_file:notdevfile_class_set ~{ relab
neverallow { domain -keystore -init } keystore_data_file:dir *;
neverallow { domain -keystore -init } keystore_data_file:notdevfile_class_set *;
neverallow * keystore:process ptrace;
# TODO(b/186868271): Remove the crash dump exception soon-ish (maybe by May 14, 2021?)
neverallow { domain userdebug_or_eng(`-crash_dump') } keystore:process ptrace;