1type ramdump_exec, exec_type, vendor_file_type, file_type; 2type ramdump, domain; 3 4userdebug_or_eng(` 5 init_daemon_domain(ramdump) 6 7 set_prop(ramdump, vendor_ramdump_prop) 8 9 # f2fs set pin file requires sys_admin 10 allow ramdump self:capability { sys_admin sys_rawio }; 11 12 allow ramdump ramdump_vendor_data_file:dir create_dir_perms; 13 allow ramdump ramdump_vendor_data_file:file create_file_perms; 14 allow ramdump proc_cmdline:file r_file_perms; 15 16 allow ramdump block_device:dir search; 17 allow ramdump misc_block_device:blk_file rw_file_perms; 18 allow ramdump userdata_block_device:blk_file rw_file_perms; 19 20 # Allow ReadDefaultFstab(). 21 read_fstab(ramdump) 22 23 # read /fstab.${ro.hardware} 24 allow ramdump rootfs:file r_file_perms; 25 26 r_dir_file(ramdump, sysfs_type) 27 28 # To access statsd. 29 hwbinder_use(ramdump) 30 get_prop(ramdump, hwservicemanager_prop) 31 get_prop(ramdump, boot_status_prop) 32 allow ramdump fwk_stats_hwservice:hwservice_manager find; 33 binder_call(ramdump, stats_service_server) 34 allow ramdump fwk_stats_service:service_manager find; 35 binder_use(ramdump) 36 37 # To implement fusefs (ramdumpfs) under /mnt/vendor/ramdump. 38 allow ramdump fuse:filesystem relabelfrom; 39 allow ramdump fuse_device:chr_file rw_file_perms; 40 allow ramdump mnt_vendor_file:dir r_dir_perms; 41 allow ramdump ramdump_vendor_mnt_file:dir { getattr mounton }; 42 allow ramdump ramdump_vendor_fs:filesystem { mount unmount relabelfrom relabelto }; 43 allow ramdump_vendor_mnt_file ramdump_vendor_fs:filesystem associate; 44 45 # Access new Stats AIDL APIs (ag/13714907). 46 allow ramdump fwk_stats_service:service_manager find; 47 binder_call(ramdump, servicemanager) 48') 49