platform_system_sepolicy/public/crash_dump.te
Joel Galenson a01e93130d Widen crash_dump dontaudit.
We have seen crash_dump denials for radio_data_file,
shared_relro_file, shell_data_file, and vendor_app_file.  This commit
widens an existing dontaudit to include them as well as others that we
might see.

Bug: 77908066
Test: Boot device.
Change-Id: I9ad2a2dafa8e73b13c08d0cc6886274a7c0e3bac
(cherry picked from commit a3b3bdbb2f)
2018-04-11 11:02:06 -07:00

73 lines
2.2 KiB
Text

type crash_dump, domain;
type crash_dump_exec, exec_type, file_type;
allow crash_dump {
domain
-init
-crash_dump
-keystore
-logd
}:process { ptrace signal sigchld sigstop sigkill };
# crash_dump might inherit CAP_SYS_PTRACE from a privileged process,
# which will result in an audit log even when it's allowed to trace.
dontaudit crash_dump self:global_capability_class_set { sys_ptrace };
userdebug_or_eng(`
allow crash_dump logd:process { ptrace signal sigchld sigstop sigkill };
# Let crash_dump write to /dev/kmsg_debug crashes that happen before logd comes up.
allow crash_dump kmsg_debug_device:chr_file { open append };
')
# Use inherited file descriptors
allow crash_dump domain:fd use;
# Read/write IPC pipes inherited from crashing processes.
allow crash_dump domain:fifo_file { read write };
# Append to pipes given to us by processes requesting dumps (e.g. dumpstate)
allow crash_dump domain:fifo_file { append };
r_dir_file(crash_dump, domain)
allow crash_dump exec_type:file r_file_perms;
# Read /data/dalvik-cache.
allow crash_dump dalvikcache_data_file:dir { search getattr };
allow crash_dump dalvikcache_data_file:file r_file_perms;
# Read APK files.
r_dir_file(crash_dump, apk_data_file);
# Read all /vendor
r_dir_file(crash_dump, { vendor_file same_process_hal_file })
# Talk to tombstoned
unix_socket_connect(crash_dump, tombstoned_crash, tombstoned)
# Talk to ActivityManager.
unix_socket_connect(crash_dump, system_ndebug, system_server)
# Append to ANR files.
allow crash_dump anr_data_file:file { append getattr };
# Append to tombstone files.
allow crash_dump tombstone_data_file:file { append getattr };
read_logd(crash_dump)
# Crash dump is not intended to access the following data types. Since these
# are WAI, suppress the denials to clean up the logs.
dontaudit crash_dump {
core_data_file_type
vendor_file_type
}:dir search;
dontaudit crash_dump system_data_file:file read;
###
### neverallow assertions
###
# A domain transition must occur for crash_dump to get the privileges needed to trace the process.
# Do not allow the execution of crash_dump without a domain transition.
neverallow domain crash_dump_exec:file execute_no_trans;