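# SELinux policy for the crash_dump domain. The rules below let it trace
# other processes, use what they hand over (descriptors, pipes), read the
# files they are built from, and append to tombstone and ANR files.
type crash_dump, domain;
type crash_dump_exec, exec_type, file_type;

# Trace and signal every domain except the ones subtracted below. ptrace gives
# the tracer access to the target's memory and registers, so each "-type"
# entry keeps that process out of crash_dump's reach under this rule.
# NOTE(review): the exclusions exist only as set subtraction in this allow
# rule; no neverallow visible in this file prevents another rule from granting
# crash_dump ptrace on init or keystore. Consider asserting them explicitly
# once the rest of the policy has been checked.
allow crash_dump {
  domain
  -init
  -crash_dump
  -keystore
  -logd
}:process { ptrace signal sigchld sigstop sigkill };

# crash_dump might inherit CAP_SYS_PTRACE from a privileged process,
# which will result in an audit log even when it's allowed to trace.
# dontaudit only silences the audit record; it does not grant the capability.
dontaudit crash_dump self:global_capability_class_set { sys_ptrace };

# Rules inside userdebug_or_eng() are emitted for userdebug/eng builds only.
# On those builds logd, excluded above, becomes traceable as well.
userdebug_or_eng(`
  allow crash_dump logd:process { ptrace signal sigchld sigstop sigkill };

  # Let crash_dump write to /dev/kmsg_debug crashes that happen before logd comes up.
  # Only open and append are granted; read and plain write are not.
  allow crash_dump kmsg_debug_device:chr_file { open append };
')

# Use inherited file descriptors.
# The target is the whole "domain" attribute: descriptors from any process,
# including the domains subtracted from the ptrace rule above.
allow crash_dump domain:fd use;

# Read/write IPC pipes inherited from crashing processes.
allow crash_dump domain:fifo_file { read write };

# Append to pipes given to us by processes requesting dumps (e.g. dumpstate)
allow crash_dump domain:fifo_file { append };

# Read directories and files labelled with any domain type, and read every
# file labelled exec_type.
# NOTE(review): presumably the domain-labelled files are the /proc/<pid>
# entries of traced processes - confirm. Like the fd rule above, this one is
# not narrowed by the ptrace exclusions.
r_dir_file(crash_dump, domain)
allow crash_dump exec_type:file r_file_perms;

# Read /data/dalvik-cache.
# Directories get search and getattr only, so crash_dump can reach a known
# path but cannot list the directory contents.
allow crash_dump dalvikcache_data_file:dir { search getattr };
allow crash_dump dalvikcache_data_file:file r_file_perms;

# Read APK files.
r_dir_file(crash_dump, apk_data_file)

# Read all /vendor
r_dir_file(crash_dump, { vendor_file same_process_hal_file })

# Talk to tombstoned
unix_socket_connect(crash_dump, tombstoned_crash, tombstoned)

# Talk to ActivityManager.
unix_socket_connect(crash_dump, system_ndebug, system_server)

# Append to ANR files.
# append + getattr only: existing ANR content cannot be read back or rewritten.
allow crash_dump anr_data_file:file { append getattr };

# Append to tombstone files.
# Same append-only shape as the ANR rule above.
allow crash_dump tombstone_data_file:file { append getattr };

read_logd(crash_dump)

# Crash dump is not intended to access the following data types. Since these
# denials are working as intended (WAI), suppress them to clean up the logs.
# The accesses stay denied; dontaudit only removes the audit records, so
# log-based monitoring will not see crash_dump attempting them.
dontaudit crash_dump {
  core_data_file_type
  vendor_file_type
}:dir search;
dontaudit crash_dump system_data_file:file read;

###
### neverallow assertions
###

# A domain transition must occur for crash_dump to get the privileges needed to trace the process.
# Do not allow the execution of crash_dump without a domain transition.
# execute_no_trans would run the binary in the caller's own domain, so this
# build-time assertion rejects any policy that grants it to any domain.
neverallow domain crash_dump_exec:file execute_no_trans;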