1##################################### 2# pixel_bugreport(domain_name) 3# Defines a new domain for executables under /vendor/bin/dump 4# Grants permissions to interact with dumpstate and write to bugreport. 5# See go/pixel-defrag for more details. 6define(`pixel_bugreport', ` 7type $1, domain; 8type $1_exec, exec_type, vendor_file_type, file_type; 9typeattribute $1 hal_dumpstate; 10domain_auto_trans(hal_dumpstate_default, $1_exec, $1) 11 12allow $1 dumpstate:fd use; 13allow $1 dumpstate:fifo_file { write getattr }; 14allow $1 hal_dumpstate_default:fd use; 15allow hal_dumpstate_default $1:process { sigkill signal }; 16allow $1 shell_data_file:file { write getattr }; 17') 18 19