crash_dump.te revision 5cbed955d3024605aef0fe6ec1fa8243f9145a0b
1cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaotype crash_dump, domain; 2cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaotype crash_dump_exec, exec_type, file_type; 3cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 4cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump { 5cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao domain 6cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao -init 7cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao -crash_dump 8cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao -keystore 9cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao -logd 10cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao}:process { ptrace signal sigchld sigstop sigkill }; 11943d7ed51e32d5f7914653f0c4aa051c5f26c6c3Josh Gao 12943d7ed51e32d5f7914653f0c4aa051c5f26c6c3Josh Gao# crash_dump might inherit CAP_SYS_PTRACE from a privileged process, 13943d7ed51e32d5f7914653f0c4aa051c5f26c6c3Josh Gao# which will result in an audit log even when it's allowed to trace. 14943d7ed51e32d5f7914653f0c4aa051c5f26c6c3Josh Gaodontaudit crash_dump self:capability { sys_ptrace }; 15943d7ed51e32d5f7914653f0c4aa051c5f26c6c3Josh Gao 16cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaouserdebug_or_eng(` 17cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao allow crash_dump logd:process { ptrace signal sigchld sigstop sigkill }; 18cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao') 19cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 20cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# Use inherited file descriptors 21cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump domain:fd use; 225cbed955d3024605aef0fe6ec1fa8243f9145a0bJosh Gao 235cbed955d3024605aef0fe6ec1fa8243f9145a0bJosh Gao# Write to the IPC pipe inherited from crashing processes. 245cbed955d3024605aef0fe6ec1fa8243f9145a0bJosh Gao# Append to pipes given to us by processes requesting dumps (e.g. dumpstate) 255cbed955d3024605aef0fe6ec1fa8243f9145a0bJosh Gaoallow crash_dump domain:fifo_file { write append }; 26cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 27cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaor_dir_file(crash_dump, domain) 28cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump exec_type:file r_file_perms; 29cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 30cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# Read /data/dalvik-cache. 31cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump dalvikcache_data_file:dir { search getattr }; 32cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump dalvikcache_data_file:file r_file_perms; 33cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 34437d1c0534e68b05cc34f9872995caba16fb1d67Josh Gao# Read APK files. 35437d1c0534e68b05cc34f9872995caba16fb1d67Josh Gaor_dir_file(crash_dump, apk_data_file); 36437d1c0534e68b05cc34f9872995caba16fb1d67Josh Gao 37cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# Talk to tombstoned 38cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaounix_socket_connect(crash_dump, tombstoned_crash, tombstoned) 39cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 40cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# Talk to ActivityManager. 41cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaounix_socket_connect(crash_dump, system_ndebug, system_server) 42cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 43cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# Append to ANR files. 44cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump anr_data_file:file { append getattr }; 45cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 46cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# Append to tombstone files. 47cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump tombstone_data_file:file { append getattr }; 48cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 49cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoread_logd(crash_dump) 50cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 51cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao### 52cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao### neverallow assertions 53cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao### 54cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 55cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# A domain transition must occur for crash_dump to get the privileges needed to trace the process. 56cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# Do not allow the execution of crash_dump without a domain transition. 57cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoneverallow domain crash_dump_exec:file execute_no_trans; 58