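# SELinux policy for the crash_dump domain.
#
# Layout restored to one statement per line. Collapsed onto a single line,
# the first comment marker would swallow every rule after it.

# Place crash_dump in the coredomain attribute.
typeattribute crash_dump coredomain;

# Crash dump does not need to access devices passed across exec().
# dontaudit grants nothing: the read/write attempts are still denied and
# only the audit records are suppressed, so these denials will not appear
# in the audit log when debugging.
dontaudit crash_dump { devpts dev_type }:chr_file { read write };

# crash_dump may ptrace and signal every domain except the subtracted ones.
# -crash_dump removes the domain itself from the set, which keeps this rule
# consistent with the self:process ptrace assertion at the end of the file.
# Any type subtracted here should also be listed in the neverallow set
# below so that the grant and the assertion stay in sync.
allow crash_dump {
  domain
  -apexd
  -bpfloader
  -crash_dump
  -init
  -kernel
  -keystore
  -llkd
  -logd
  -ueventd
  -vendor_init
  -vold
}:process { ptrace signal sigchld sigstop sigkill };

# Debug-build exception: the userdebug_or_eng macro emits its argument only
# on userdebug and eng builds. There, four of the excluded domains become
# debuggable again. bpfloader, init, kernel, keystore, ueventd and
# vendor_init stay excluded on every build type.
userdebug_or_eng(`
  allow crash_dump { apexd llkd logd vold }:process { ptrace signal sigchld sigstop sigkill };
')

###
### neverallow assertions
###

# ptrace neverallow assertions are spread throughout the other policy
# files, so we avoid adding redundant assertions here

# Build-time assertion that crash_dump is never granted signal, sigstop or
# sigkill on the listed domains. Each userdebug_or_eng entry subtracts the
# preceding type on debug builds, mirroring the debug-only allow rule above,
# so the assertion covers all ten types on user builds and six on
# userdebug and eng builds.
# NOTE(review): ptrace and sigchld are not part of this permission set. Per
# the comment above, ptrace is asserted in other policy files.
neverallow crash_dump {
  apexd
  userdebug_or_eng(`-apexd')
  bpfloader
  init
  kernel
  keystore
  llkd
  userdebug_or_eng(`-llkd')
  logd
  userdebug_or_eng(`-logd')
  ueventd
  vendor_init
  vold
  userdebug_or_eng(`-vold')
}:process { signal sigstop sigkill };

# crash_dump must never ptrace a process in its own domain.
neverallow crash_dump self:process ptrace;
# crash_dump must never hold any permission on GPU character devices.
neverallow crash_dump gpu_device:chr_file *;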