Block crash_dump from no_crash_dump_domain
These domains already can't transition to crash_dump, but also need to make sure crash_dump can't be run and pointed at them. Bug: 218494522 Test: Builds Change-Id: I76f88faf8ff4c88e85eaf6a8db546dc644a71928
This commit is contained in:
Alan Stokes
parent
275836a9af
commit
ff648192d9
1 changed files with 3 additions and 0 deletions
|
|
@ -57,6 +57,7 @@ allow crash_dump {
|
||||||
-init
|
-init
|
||||||
-kernel
|
-kernel
|
||||||
-logd
|
-logd
|
||||||
|
-no_crash_dump_domain
|
||||||
-ueventd
|
-ueventd
|
||||||
-vendor_init
|
-vendor_init
|
||||||
}:process { ptrace signal sigchld sigstop sigkill };
|
}:process { ptrace signal sigchld sigstop sigkill };
|
||||||
|
|
@ -67,3 +68,5 @@ userdebug_or_eng(`
|
||||||
logd
|
logd
|
||||||
}:process { ptrace signal sigchld sigstop sigkill };
|
}:process { ptrace signal sigchld sigstop sigkill };
|
||||||
')
|
')
|
||||||
|
|
||||||
|
neverallow crash_dump no_crash_dump_domain:process ptrace;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue