tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/prebuilts/api/33.0/private/crash_dump.te
David Brazdil 49465870fa crash_dump: Update prebuilts for API 33 
Bug: 236672526
Test: n/a
Ignore-AOSP-First: Will update AOSP after this has landed.
Change-Id: I49571dcfdd9c194101cc929772fa15463609fa8c
2022-07-07 09:11:40 +00:00

65 lines
1.3 KiB
Text
Raw Blame History

typeattribute crash_dump coredomain;
# Crash dump does not need to access devices passed across exec().
dontaudit crash_dump { devpts dev_type }:chr_file { read write };
allow crash_dump {
domain
-apexd
-bpfloader
-crash_dump
-crosvm # TODO(b/236672526): Remove exception for crosvm
-diced
-init
-kernel
-keystore
-llkd
-logd
-ueventd
-vendor_init
-vold
}:process { ptrace signal sigchld sigstop sigkill };
# TODO(b/186868271): Remove the keystore exception soon-ish (maybe by May 14, 2021?)
userdebug_or_eng(`
allow crash_dump {
apexd
keystore
llkd
logd
vold
}:process { ptrace signal sigchld sigstop sigkill };
')
###
### neverallow assertions
###
# ptrace neverallow assertions are spread throughout the other policy
# files, so we avoid adding redundant assertions here
neverallow crash_dump {
apexd
userdebug_or_eng(`-apexd')
bpfloader
diced
init
kernel
keystore
userdebug_or_eng(`-keystore')
llkd
userdebug_or_eng(`-llkd')
logd
userdebug_or_eng(`-logd')
ueventd
vendor_init
vold
userdebug_or_eng(`-vold')
}:process { signal sigstop sigkill };
neverallow crash_dump self:process ptrace;
neverallow crash_dump gpu_device:chr_file *;
# Read ART APEX data directory
allow crash_dump apex_art_data_file:dir { getattr search };
allow crash_dump apex_art_data_file:file r_file_perms;
Reference in a new issue View git blame Copy permalink