# Transition to crash_dump when /system/bin/crash_dump* is executed.
# This occurs when the process crashes.
# The source type is the domain attribute, so this applies to every process
# type rather than to one daemon. domain_auto_trans is a macro defined outside
# this excerpt; its exact expansion is not visible here.
domain_auto_trans(domain, crash_dump_exec, crash_dump);
# Grants every domain the sigchld permission on processes running as
# crash_dump.
allow domain crash_dump:process sigchld;

# Limit ability to ptrace or read sensitive /proc/pid files of processes
# with other UIDs to these whitelisted domains.
# neverallow is an assertion checked when the policy is compiled. It grants
# nothing by itself; it makes the build fail if any allow rule gives
# sys_ptrace to a domain that is not excluded in the set below.
# The perfprofd exclusion is wrapped in userdebug_or_eng, so it exists only
# on userdebug and eng builds. On user builds perfprofd is covered by the
# assertion like any other domain.
# Scope: the rule asserts on self:capability only. The process ptrace
# permission between domains is a separate check and is not constrained here.
# NOTE(review): the cap_userns class is not named in this rule. Whether
# sys_ptrace inside a user namespace is restricted elsewhere cannot be told
# from this excerpt - confirm.
neverallow {
  domain
  -vold
  -dumpstate
  -storaged
  -system_server
  userdebug_or_eng(`-perfprofd')
} self:capability sys_ptrace;

# Limit ability to generate hardware unique device ID attestations to priv_apps
# The target is * (any type), so priv_app is the only domain that may ever be
# granted gen_unique_id on a keystore_key object. This is an assertion only;
# the allow rule that actually gives priv_app the permission is not part of
# this excerpt.
neverallow { domain -priv_app } *:keystore_key gen_unique_id;