crash_dump.te revision a01e93130d86702fb5976b7d97e327f467cc878b
1cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaotype crash_dump, domain; 2cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaotype crash_dump_exec, exec_type, file_type; 3cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 4cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump { 5cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao domain 6cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao -init 7cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao -crash_dump 8cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao -keystore 9cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao -logd 10cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao}:process { ptrace signal sigchld sigstop sigkill }; 11943d7ed51e32d5f7914653f0c4aa051c5f26c6c3Josh Gao 12943d7ed51e32d5f7914653f0c4aa051c5f26c6c3Josh Gao# crash_dump might inherit CAP_SYS_PTRACE from a privileged process, 13943d7ed51e32d5f7914653f0c4aa051c5f26c6c3Josh Gao# which will result in an audit log even when it's allowed to trace. 149b2e0cbeeaae560b07e4ffa6e5b8e505699e4a76Benjamin Gordondontaudit crash_dump self:global_capability_class_set { sys_ptrace }; 15943d7ed51e32d5f7914653f0c4aa051c5f26c6c3Josh Gao 16cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaouserdebug_or_eng(` 17cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao allow crash_dump logd:process { ptrace signal sigchld sigstop sigkill }; 1894e2a921cb38b586cfd34a6967b776474e1d6e91Josh Gao 1994e2a921cb38b586cfd34a6967b776474e1d6e91Josh Gao # Let crash_dump write to /dev/kmsg_debug crashes that happen before logd comes up. 2094e2a921cb38b586cfd34a6967b776474e1d6e91Josh Gao allow crash_dump kmsg_debug_device:chr_file { open append }; 21cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao') 22cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 23cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# Use inherited file descriptors 24cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump domain:fd use; 255cbed955d3024605aef0fe6ec1fa8243f9145a0bJosh Gao 26914a7fb95ac43d237fb97ca9a11cf3a4111828f6Josh Gao# Read/write IPC pipes inherited from crashing processes. 27914a7fb95ac43d237fb97ca9a11cf3a4111828f6Josh Gaoallow crash_dump domain:fifo_file { read write }; 28914a7fb95ac43d237fb97ca9a11cf3a4111828f6Josh Gao 295cbed955d3024605aef0fe6ec1fa8243f9145a0bJosh Gao# Append to pipes given to us by processes requesting dumps (e.g. dumpstate) 30914a7fb95ac43d237fb97ca9a11cf3a4111828f6Josh Gaoallow crash_dump domain:fifo_file { append }; 31cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 32cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaor_dir_file(crash_dump, domain) 33cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump exec_type:file r_file_perms; 34cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 35cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# Read /data/dalvik-cache. 36cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump dalvikcache_data_file:dir { search getattr }; 37cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump dalvikcache_data_file:file r_file_perms; 38cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 39437d1c0534e68b05cc34f9872995caba16fb1d67Josh Gao# Read APK files. 40437d1c0534e68b05cc34f9872995caba16fb1d67Josh Gaor_dir_file(crash_dump, apk_data_file); 41437d1c0534e68b05cc34f9872995caba16fb1d67Josh Gao 42277a20ebecda8f9d12a10c4f8eb52dbf04c30e43Sandeep Patil# Read all /vendor 43277a20ebecda8f9d12a10c4f8eb52dbf04c30e43Sandeep Patilr_dir_file(crash_dump, { vendor_file same_process_hal_file }) 44277a20ebecda8f9d12a10c4f8eb52dbf04c30e43Sandeep Patil 45cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# Talk to tombstoned 46cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaounix_socket_connect(crash_dump, tombstoned_crash, tombstoned) 47cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 48cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# Talk to ActivityManager. 49cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaounix_socket_connect(crash_dump, system_ndebug, system_server) 50cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 51cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# Append to ANR files. 52cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump anr_data_file:file { append getattr }; 53cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 54cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# Append to tombstone files. 55cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoallow crash_dump tombstone_data_file:file { append getattr }; 56cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 57cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoread_logd(crash_dump) 58cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 59cc0304cfc2ca307595108bb8ccafeb363e0103a0Jeff Vander Stoep# Crash dump is not intended to access the following data types. Since these 60cc0304cfc2ca307595108bb8ccafeb363e0103a0Jeff Vander Stoep# are WAI, suppress the denials to clean up the logs. 61cc0304cfc2ca307595108bb8ccafeb363e0103a0Jeff Vander Stoepdontaudit crash_dump { 62a01e93130d86702fb5976b7d97e327f467cc878bJoel Galenson core_data_file_type 63a01e93130d86702fb5976b7d97e327f467cc878bJoel Galenson vendor_file_type 64cc0304cfc2ca307595108bb8ccafeb363e0103a0Jeff Vander Stoep}:dir search; 65cc0304cfc2ca307595108bb8ccafeb363e0103a0Jeff Vander Stoepdontaudit crash_dump system_data_file:file read; 66cc0304cfc2ca307595108bb8ccafeb363e0103a0Jeff Vander Stoep 67cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao### 68cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao### neverallow assertions 69cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao### 70cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao 71cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# A domain transition must occur for crash_dump to get the privileges needed to trace the process. 72cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gao# Do not allow the execution of crash_dump without a domain transition. 73cb3eb4eef9733bbde2951a2a774392d0c8acc9feJosh Gaoneverallow domain crash_dump_exec:file execute_no_trans; 74