1type ramdump_exec, exec_type, vendor_file_type, file_type; 2 3userdebug_or_eng(` 4 type ramdump, domain; 5 init_daemon_domain(ramdump) 6 7 set_prop(ramdump, vendor_ramdump_prop) 8 9 # f2fs set pin file requires sys_admin 10 allow ramdump self:capability sys_admin; 11 12 allow ramdump self:capability sys_rawio; 13 14 allow ramdump ramdump_vendor_data_file:dir create_dir_perms; 15 allow ramdump ramdump_vendor_data_file:file create_file_perms; 16 allow ramdump { 17 proc 18 proc_cmdline 19 }:file r_file_perms; 20 21 allow ramdump block_device:dir search; 22 allow ramdump misc_block_device:blk_file rw_file_perms; 23 allow ramdump userdata_block_device:blk_file rw_file_perms; 24 25 dontaudit ramdump metadata_file:dir search; 26 27 # read from /fstab.sdm845 28 allow ramdump rootfs:file r_file_perms; 29 30 r_dir_file(ramdump, sysfs_type) 31 32 # To access statsd. 33 hwbinder_use(ramdump) 34 get_prop(ramdump, hwservicemanager_prop) 35 allow ramdump fwk_stats_hwservice:hwservice_manager find; 36 binder_call(ramdump, stats_service_server) 37 38 # To implement fusefs (ramdumpfs) under /mnt/vendor/ramdump. 39 allow ramdump fuse:filesystem relabelfrom; 40 allow ramdump fuse_device:chr_file rw_file_perms; 41 allow ramdump mnt_vendor_file:dir r_dir_perms; 42 allow ramdump ramdump_vendor_mnt_file:dir { getattr mounton }; 43 allow ramdump ramdump_vendor_mnt_file:filesystem { mount unmount relabelfrom relabelto }; 44') 45