crash_dump.te revision 943d7ed51e32d5f7914653f0c4aa051c5f26c6c3
1cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaotype crash_dump, domain; 2cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaotype crash_dump_exec, exec_type, file_type; 3cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 4cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump { 5cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao domain 6cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao -init 7cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao -crash_dump 8cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao -keystore 9cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao -logd 10cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao}:process { ptrace signal sigchld sigstop sigkill }; 11943d7ed51e32d5f7914653f0c4aa051c5f26c6c3Josh Gao 12943d7ed51e32d5f7914653f0c4aa051c5f26c6c3Josh Gao# crash_dump might inherit CAP_SYS_PTRACE from a privileged process, 13943d7ed51e32d5f7914653f0c4aa051c5f26c6c3Josh Gao# which will result in an audit log even when it's allowed to trace. 14943d7ed51e32d5f7914653f0c4aa051c5f26c6c3Josh Gaodontaudit crash_dump self:capability { sys_ptrace }; 15943d7ed51e32d5f7914653f0c4aa051c5f26c6c3Josh Gao 16cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaouserdebug_or_eng(` 17cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao allow crash_dump logd:process { ptrace signal sigchld sigstop sigkill }; 18cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao') 19cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 20cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# Use inherited file descriptors 21cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump domain:fd use; 22cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump domain:fifo_file write; 23cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 24cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaor_dir_file(crash_dump, domain) 25cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump exec_type:file r_file_perms; 26cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 27cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# Read /data/dalvik-cache. 28cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump dalvikcache_data_file:dir { search getattr }; 29cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump dalvikcache_data_file:file r_file_perms; 30cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 31cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# Talk to tombstoned 32cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaounix_socket_connect(crash_dump, tombstoned_crash, tombstoned) 33cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 34cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# Talk to ActivityManager. 35cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaounix_socket_connect(crash_dump, system_ndebug, system_server) 36cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 37cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# Append to ANR files. 38cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump anr_data_file:file { append getattr }; 39cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 40cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# Append to tombstone files. 41cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump tombstone_data_file:file { append getattr }; 42cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 43cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoread_logd(crash_dump) 44cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 45cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao### 46cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao### neverallow assertions 47cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao### 48cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 49cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# A domain transition must occur for crash_dump to get the privileges needed to trace the process. 50cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# Do not allow the execution of crash_dump without a domain transition. 51cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoneverallow domain crash_dump_exec:file execute_no_trans; 52