1type crash_dump, domain; 2type crash_dump_exec, system_file_type, exec_type, file_type; 3 4# crash_dump might inherit CAP_SYS_PTRACE from a privileged process, 5# which will result in an audit log even when it's allowed to trace. 6dontaudit crash_dump self:global_capability_class_set { sys_ptrace }; 7 8userdebug_or_eng(` 9 allow crash_dump logd:process { ptrace signal sigchld sigstop sigkill }; 10 11 # Let crash_dump write to /dev/kmsg_debug crashes that happen before logd comes up. 12 allow crash_dump kmsg_debug_device:chr_file { open append }; 13') 14 15# Use inherited file descriptors 16allow crash_dump domain:fd use; 17 18# Read/write IPC pipes inherited from crashing processes. 19allow crash_dump domain:fifo_file { read write }; 20 21# Append to pipes given to us by processes requesting dumps (e.g. dumpstate) 22allow crash_dump domain:fifo_file { append }; 23 24# Read information from /proc/$PID. 25allow crash_dump domain:process getattr; 26 27r_dir_file(crash_dump, domain) 28allow crash_dump exec_type:file r_file_perms; 29 30# Read /data/dalvik-cache. 31allow crash_dump dalvikcache_data_file:dir { search getattr }; 32allow crash_dump dalvikcache_data_file:file r_file_perms; 33 34# Read APEX data directories. 35allow crash_dump apex_module_data_file:dir { getattr search }; 36 37# Read APK files. 38r_dir_file(crash_dump, apk_data_file); 39 40# Read all /vendor 41r_dir_file(crash_dump, { vendor_file same_process_hal_file }) 42 43# Talk to tombstoned 44unix_socket_connect(crash_dump, tombstoned_crash, tombstoned) 45 46# Talk to ActivityManager. 47unix_socket_connect(crash_dump, system_ndebug, system_server) 48 49# Append to ANR files. 50allow crash_dump anr_data_file:file { append getattr }; 51 52# Append to tombstone files. 53allow crash_dump tombstone_data_file:file { append getattr }; 54 55# crash_dump writes out logcat logs at the bottom of tombstones, 56# which is super useful in some cases. 57unix_socket_connect(crash_dump, logdr, logd) 58 59# Crash dump is not intended to access the following files. Since these 60# are WAI, suppress the denials to clean up the logs. 61dontaudit crash_dump { 62 core_data_file_type 63 vendor_file_type 64}:dir search; 65dontaudit crash_dump system_data_file:{ lnk_file file } read; 66dontaudit crash_dump property_type:file read; 67 68# Suppress denials for files in /proc that are passed 69# across exec(). 70dontaudit crash_dump proc_type:file rw_file_perms; 71 72### 73### neverallow assertions 74### 75 76# A domain transition must occur for crash_dump to get the privileges needed to trace the process. 77# Do not allow the execution of crash_dump without a domain transition. 78neverallow domain crash_dump_exec:file execute_no_trans; 79