platform_system_sepolicy/microdroid/system/private/crash_dump.te

# crash_dump might inherit CAP_SYS_PTRACE from a privileged process,
# which will result in an audit log even when it's allowed to trace.
dontaudit crash_dump self:global_capability_class_set { sys_ptrace };

allow crash_dump kmsg_debug_device:chr_file { open append };

# Use inherited file descriptors
allow crash_dump domain:fd use;

# Read/write IPC pipes inherited from crashing processes.
allow crash_dump domain:fifo_file { read write };

# Append to pipes given to us by processes requesting dumps (e.g. dumpstate)
allow crash_dump domain:fifo_file { append };

# Read information from /proc/$PID.
allow crash_dump domain:process getattr;

r_dir_file(crash_dump, domain)
allow crash_dump exec_type:file r_file_perms;

# Read all /vendor
r_dir_file(crash_dump, vendor_file)

# Talk to tombstoned
unix_socket_connect(crash_dump, tombstoned_crash, tombstoned)

# Append to tombstone files.
allow crash_dump tombstone_data_file:file { append getattr };

# Crash dump is not intended to access the following files. Since these
# are WAI, suppress the denials to clean up the logs.
dontaudit crash_dump {
  core_data_file_type
  vendor_file_type
}:dir search;
dontaudit crash_dump system_data_file:{ lnk_file file } read;
dontaudit crash_dump property_type:file read;

# Suppress denials for files in /proc that are passed
# across exec().
dontaudit crash_dump proc_type:file rw_file_perms;

typeattribute crash_dump coredomain;

# Crash dump does not need to access devices passed across exec().
dontaudit crash_dump { devpts dev_type }:chr_file { read write };

allow crash_dump {
  domain
  -apexd
  -crash_dump
  -init
  -kernel
  -no_crash_dump_domain
  -ueventd
  -vendor_init
}:process { ptrace signal sigchld sigstop sigkill };

userdebug_or_eng(`
  allow crash_dump {
    apexd
  }:process { ptrace signal sigchld sigstop sigkill };
')

neverallow crash_dump no_crash_dump_domain:process ptrace;