ac097ac4c7
apexd is a new daemon for managing APEX packages installed
on the device. It hosts a single binder service, "apexservice".
Bug: 112455435
Test: builds, binder service can be registered,
apexes can be accessed, verified and mounted
Change-Id: I634ad100f10b2edcd9a9c0df0d33896fa5d4ed97
42 lines
748 B
Text
42 lines
748 B
Text
typeattribute crash_dump coredomain;
|
|
|
|
allow crash_dump {
|
|
domain
|
|
-apexd
|
|
-bpfloader
|
|
-crash_dump
|
|
-init
|
|
-kernel
|
|
-keystore
|
|
-llkd
|
|
-logd
|
|
-ueventd
|
|
-vendor_init
|
|
-vold
|
|
}:process { ptrace signal sigchld sigstop sigkill };
|
|
userdebug_or_eng(`
|
|
allow crash_dump { llkd logd }:process { ptrace signal sigchld sigstop sigkill };
|
|
')
|
|
|
|
###
|
|
### neverallow assertions
|
|
###
|
|
|
|
# ptrace neverallow assertions are spread throughout the other policy
|
|
# files, so we avoid adding redundant assertions here
|
|
|
|
neverallow crash_dump {
|
|
bpfloader
|
|
init
|
|
kernel
|
|
keystore
|
|
llkd
|
|
userdebug_or_eng(`-llkd')
|
|
logd
|
|
userdebug_or_eng(`-logd')
|
|
ueventd
|
|
vendor_init
|
|
vold
|
|
}:process { signal sigstop sigkill };
|
|
|
|
neverallow crash_dump self:process ptrace;
|