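# SELinux policy for the crash_dump domain.
#
# The rules below let crash_dump trace and signal other processes, read the
# files it needs from them, and append its output to ANR/tombstone files.
#
# NOTE(review): this domain can ptrace and read almost every other domain, so
# the rules that decide which domains may transition into crash_dump (not in
# this file) are the effective security boundary. Review them with this file.

# Domain the crash dumper runs in.
type crash_dump, domain;
# Label of the crash_dump executable; target of the neverallow at the end.
type crash_dump_exec, exec_type, file_type;

# Trace and signal every domain except the ones subtracted below.
# ptrace exposes the target's memory and registers, so each "-type" entry is
# a process whose state stays out of the dumper's reach: init, crash_dump
# itself, keystore (presumably to keep key material private -- confirm) and
# logd (re-added for debug builds further down).
# NOTE(review): these exclusions are only the absence of an allow rule; a rule
# in another policy file could still grant the access. If init and keystore
# must never be traceable, consider pinning that with an assertion such as
#   neverallow crash_dump { init keystore }:process ptrace;
allow crash_dump {
  domain
  -init
  -crash_dump
  -keystore
  -logd
}:process { ptrace signal sigchld sigstop sigkill };

# crash_dump might inherit CAP_SYS_PTRACE from a privileged process,
# which will result in an audit log even when it's allowed to trace.
# dontaudit only silences the denial message; no rule in this file grants
# the capability itself.
dontaudit crash_dump self:capability { sys_ptrace };

# logd may be traced on userdebug/eng builds only; elsewhere the "-logd"
# exclusion above stays in effect.
userdebug_or_eng(`
  allow crash_dump logd:process { ptrace signal sigchld sigstop sigkill };
')

# Use inherited file descriptors
allow crash_dump domain:fd use;

# Write to the IPC pipe inherited from crashing processes.
# Append to pipes given to us by processes requesting dumps (e.g. dumpstate)
# No read permission is granted on these pipes.
allow crash_dump domain:fifo_file { write append };

# Read files and directories labelled with any domain type (presumably the
# per-process /proc entries -- r_dir_file is defined outside this file).
r_dir_file(crash_dump, domain)
# Read files of every executable type.
allow crash_dump exec_type:file r_file_perms;

# Read /data/dalvik-cache.
allow crash_dump dalvikcache_data_file:dir { search getattr };
allow crash_dump dalvikcache_data_file:file r_file_perms;

# Read APK files.
r_dir_file(crash_dump, apk_data_file);

# Read all /vendor
r_dir_file(crash_dump, { vendor_file same_process_hal_file })

# Talk to tombstoned
unix_socket_connect(crash_dump, tombstoned_crash, tombstoned)

# Talk to ActivityManager.
unix_socket_connect(crash_dump, system_ndebug, system_server)

# Append to ANR files.
# Only append and getattr are granted: no open, read or create.
allow crash_dump anr_data_file:file { append getattr };

# Append to tombstone files.
# Same restriction as for ANR files: append and getattr only.
allow crash_dump tombstone_data_file:file { append getattr };

# Read log data from logd (read_logd is a macro defined outside this file).
read_logd(crash_dump)

###
### neverallow assertions
###

# A domain transition must occur for crash_dump to get the privileges needed to trace the process.
# Do not allow the execution of crash_dump without a domain transition.
# neverallow is checked when the policy is compiled; it adds no runtime rule,
# it makes the build fail if any domain is allowed execute_no_trans here.
neverallow domain crash_dump_exec:file execute_no_trans;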
61