# Policy for the crash_dump domain: the process permissions it is granted
# over other domains, and the assertions that bound those grants.

# Place crash_dump in the coredomain attribute.
typeattribute crash_dump coredomain;

# Devices passed across exec() are not needed by crash_dump. The resulting
# read/write denials on these character devices are kept out of the audit
# log; nothing is granted by this rule.
dontaudit crash_dump { devpts dev_type }:chr_file { read write };

# Grant ptrace and signal delivery over every domain except the ones
# subtracted below. Each "-type" entry removes that domain from the set, so
# this rule gives crash_dump no access to it.
# NOTE(review): keep this subtraction list in step with the neverallow
# assertion further down. crash_dump and crosvm are subtracted here but not
# listed there: crash_dump has a separate self:process ptrace assertion, and
# the crosvm exclusion is presumably left unasserted because its TODO marks
# it as temporary - confirm.
allow crash_dump {
  domain
  -apexd
  -bpfloader
  -crash_dump
  -crosvm # TODO(b/236672526): Remove exception for crosvm
  -diced
  -init
  -kernel
  -keystore
  -llkd
  -logd
  -ueventd
  -vendor_init
  -vold
}:process { ptrace signal sigchld sigstop sigkill };

# Debug-build exceptions: the block below is emitted only on userdebug and
# eng builds, where it re-grants the same permissions over five of the
# domains subtracted above. On user builds those domains stay excluded.
# TODO(b/186868271): Remove the keystore exception soon-ish (maybe by May 14, 2021?)
# NOTE(review): the date in the TODO above has passed and keystore is still
# listed, so debug builds still let crash_dump ptrace keystore. The
# exception should be re-evaluated rather than left open-ended.
userdebug_or_eng(`
  allow crash_dump {
    apexd
    keystore
    llkd
    logd
    vold
  }:process { ptrace signal sigchld sigstop sigkill };
')

###
### neverallow assertions
###

# ptrace neverallow assertions are spread throughout the other policy
# files, so they are not repeated here.

# Build-time assertion: no rule may let crash_dump signal, stop or kill the
# domains listed. An entry wrapped in the build-variant macro subtracts the
# preceding domain again on userdebug and eng builds, mirroring the
# debug-only allow rule above. ptrace and sigchld are not covered by this
# assertion.
neverallow crash_dump {
  apexd
  userdebug_or_eng(`-apexd')
  bpfloader
  diced
  init
  kernel
  keystore
  userdebug_or_eng(`-keystore')
  llkd
  userdebug_or_eng(`-llkd')
  logd
  userdebug_or_eng(`-logd')
  ueventd
  vendor_init
  vold
  userdebug_or_eng(`-vold')
}:process { signal sigstop sigkill };

# crash_dump must never trace itself and must never have any access to GPU
# device nodes.
neverallow crash_dump self:process ptrace;
neverallow crash_dump gpu_device:chr_file *;

# Read-only access to the ART APEX data directory: look up entries in the
# directory and read the files in it.
allow crash_dump apex_art_data_file:dir { getattr search };
allow crash_dump apex_art_data_file:file r_file_perms;