Block crash_dump from no_crash_dump_domain

These domains already can't transition to crash_dump, but also need to
make sure crash_dump can't be run and pointed at them.

Bug: 218494522
Test: Builds
Change-Id: I76f88faf8ff4c88e85eaf6a8db546dc644a71928
This commit is contained in:
Alan Stokes 2022-02-24 16:31:44 +00:00
parent 275836a9af
commit ff648192d9

View file

@ -57,6 +57,7 @@ allow crash_dump {
-init -init
-kernel -kernel
-logd -logd
-no_crash_dump_domain
-ueventd -ueventd
-vendor_init -vendor_init
}:process { ptrace signal sigchld sigstop sigkill }; }:process { ptrace signal sigchld sigstop sigkill };
@ -67,3 +68,5 @@ userdebug_or_eng(`
logd logd
}:process { ptrace signal sigchld sigstop sigkill }; }:process { ptrace signal sigchld sigstop sigkill };
') ')
neverallow crash_dump no_crash_dump_domain:process ptrace;