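# SELinux policy for the crash_dump domain.
#
# Review summary:
#  - The ptrace rule is the most sensitive grant in this file: ptrace access
#    lets the holder read and modify the memory of the traced process.
#  - File access to dump targets (ANR and tombstone files, pipes) is limited to
#    append-style permissions without open, so crash_dump can only use
#    descriptors that are handed to it.
#  - The neverallow at the end forces every execution of crash_dump_exec to go
#    through a domain transition.

type crash_dump, domain;
type crash_dump_exec, exec_type, file_type;

# Trace and signal every domain except the four subtracted below.
# crash_dump is excluded from tracing itself, and logd is re-added only on
# userdebug/eng builds (see the userdebug_or_eng block further down).
# NOTE(review): init and keystore are excluded in every build, presumably to
# keep the init process and key material out of reach of a tracer. Confirm the
# intent with the policy owners before shrinking this exclusion list.
allow crash_dump {
  domain
  -init
  -crash_dump
  -keystore
  -logd
}:process { ptrace signal sigchld sigstop sigkill };

# crash_dump might inherit CAP_SYS_PTRACE from a privileged process,
# which will result in an audit log even when it's allowed to trace.
# dontaudit only silences the denial record; it does not grant sys_ptrace.
# Anyone relying on audit logs for detection should know that sys_ptrace
# denials for this domain will not appear there.
dontaudit crash_dump self:capability { sys_ptrace };

userdebug_or_eng(`
  # Debug builds only: logd becomes traceable, widening the rule above.
  allow crash_dump logd:process { ptrace signal sigchld sigstop sigkill };

  # Let crash_dump write to /dev/kmsg_debug crashes that happen before logd comes up.
  # Append only, so existing kernel log content cannot be rewritten through this rule.
  allow crash_dump kmsg_debug_device:chr_file { open append };
')

# Use inherited file descriptors
# Applies to descriptors from every domain, including the excluded ones above.
allow crash_dump domain:fd use;

# Write to the IPC pipe inherited from crashing processes.
# Append to pipes given to us by processes requesting dumps (e.g. dumpstate)
# No read or open permission is granted, so the pipe must already be open
# when crash_dump receives it.
allow crash_dump domain:fifo_file { write append };

# Read directories and files labelled with any domain type, and read every
# file labelled with an executable type.
# NOTE(review): files labelled with a domain type are presumably the per-process
# /proc entries. Unlike the ptrace rule, this read access has no exclusions -
# confirm that reading those entries for init, keystore and logd is intended.
r_dir_file(crash_dump, domain)
allow crash_dump exec_type:file r_file_perms;

# Read /data/dalvik-cache.
allow crash_dump dalvikcache_data_file:dir { search getattr };
allow crash_dump dalvikcache_data_file:file r_file_perms;

# Read APK files.
r_dir_file(crash_dump, apk_data_file)

# Read all /vendor
r_dir_file(crash_dump, { vendor_file same_process_hal_file })

# Talk to tombstoned
unix_socket_connect(crash_dump, tombstoned_crash, tombstoned)

# Talk to ActivityManager.
unix_socket_connect(crash_dump, system_ndebug, system_server)

# Append to ANR files.
# append and getattr only: no open, create, read or write, so existing
# content cannot be truncated or read back through this rule.
allow crash_dump anr_data_file:file { append getattr };

# Append to tombstone files.
# Same restriction as the ANR rule above.
# NOTE(review): the descriptors are presumably handed over by tombstoned via
# the socket rule above - verify against the tombstoned policy.
allow crash_dump tombstone_data_file:file { append getattr };

# Read access to the log daemon, as granted by the read_logd macro.
read_logd(crash_dump)

###
### neverallow assertions
###

# A domain transition must occur for crash_dump to get the privileges needed to trace the process.
# Do not allow the execution of crash_dump without a domain transition.
# This is checked when the policy is built and applies to every domain without
# exception, so no caller can run crash_dump_exec under its own label.
neverallow domain crash_dump_exec:file execute_no_trans;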