# crash_dump is the domain of the crash dumper; crash_dump_exec is the type
# carried by its executable file.
type crash_dump, domain;
type crash_dump_exec, exec_type, file_type;

# Attach to and signal crashing processes. The target set is every domain
# minus init, crash_dump itself, keystore and logd, so those four cannot be
# traced through this rule.
# NOTE(review): the exclusions presumably keep key material and other
# sensitive process state out of dumps -- confirm before widening this set.
allow crash_dump { domain -init -crash_dump -keystore -logd }:process {
  ptrace
  signal
  sigchld
  sigstop
  sigkill
};

# crash_dump can inherit CAP_SYS_PTRACE from a privileged parent, and that
# produces an audit record even when the trace itself is allowed. dontaudit
# only silences the record; it does not grant the capability, and sys_ptrace
# denials for this domain will not show up in the audit log.
dontaudit crash_dump self:global_capability_class_set sys_ptrace;

# The rules in this block are only built into userdebug and eng images.
# On user builds logd stays excluded from tracing and /dev/kmsg_debug is
# not writable by crash_dump.
userdebug_or_eng(`
  # Crashes that happen before logd comes up are written to /dev/kmsg_debug.
  allow crash_dump kmsg_debug_device:chr_file { append open };

  # On debug builds logd may be traced and signalled like the other domains.
  allow crash_dump logd:process { ptrace signal sigchld sigstop sigkill };
')

# File descriptors inherited from any domain may be used.
allow crash_dump domain:fd use;

# Pipes owned by other domains: read and write cover IPC pipes inherited
# from the crashing process, append covers pipes handed over by processes
# that request a dump (e.g. dumpstate).
allow crash_dump domain:fifo_file { read write append };

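# Read directories and files labelled with any domain type, and read any
# file labelled with an exec_type.
# NOTE(review): the domain-labelled files are presumably the /proc/PID
# entries of the processes being dumped -- confirm.
r_dir_file(crash_dump, domain)
allow crash_dump exec_type:file r_file_perms;

# Read /data/dalvik-cache.
allow crash_dump dalvikcache_data_file:dir { search getattr };
allow crash_dump dalvikcache_data_file:file r_file_perms;

# Read APK files.
# No trailing semicolon after the macro call, matching the other r_dir_file
# calls in this file.
r_dir_file(crash_dump, apk_data_file)

# Read all /vendor
r_dir_file(crash_dump, { vendor_file same_process_hal_file })
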
# Connect to the tombstoned_crash socket served by tombstoned.
unix_socket_connect(crash_dump, tombstoned_crash, tombstoned)

# Connect to the system_ndebug socket served by system_server
# (ActivityManager).
unix_socket_connect(crash_dump, system_ndebug, system_server)

# ANR and tombstone files: crash_dump may append to them and stat them.
# The rule grants no open, read or plain write on these types.
allow crash_dump { anr_data_file tombstone_data_file }:file { append getattr };

# Read log data from logd.
read_logd(crash_dump)

# crash_dump is not meant to reach the data types below. The denials are
# working as intended, so they are hidden to keep the logs clean. Access is
# still refused; it is only the audit record that is dropped, so these
# denials will not be visible when investigating crash_dump activity.
dontaudit crash_dump core_data_file_type:dir search;
dontaudit crash_dump vendor_file_type:dir search;
dontaudit crash_dump system_data_file:file read;

###
### neverallow assertions
###

# crash_dump only gets the privileges it needs for tracing through a domain
# transition, so no domain may run crash_dump_exec without transitioning
# (execute_no_trans).
neverallow domain crash_dump_exec:file { execute_no_trans };
74