| # Associate the crash_dump domain with the coredomain attribute, so any rule or |
| # neverallow written against coredomain also covers crash_dump. |
| typeattribute crash_dump coredomain; |
| # Crash dump does not need to access devices passed across exec(). |
| # dontaudit grants nothing: unless an allow rule elsewhere permits it, read/write |
| # on these character devices is denied and this rule only suppresses the log entry. |
| # NOTE(review): the silenced denials will not appear in AVC logs, so they cannot |
| # be relied on when auditing what crash_dump attempted to touch. |
| dontaudit crash_dump { devpts dev_type }:chr_file { read write }; |
| }:process { ptrace signal sigchld sigstop sigkill }; |
| # TODO(b/186868271): Remove the keystore exception soon-ish (maybe by May 14, 2021?) |
| }:process { ptrace signal sigchld sigstop sigkill }; |
| ### neverallow assertions |
| # ptrace neverallow assertions are spread throughout the other policy |
| # files, so we avoid adding redundant assertions here |
| userdebug_or_eng(`-apexd') |
| userdebug_or_eng(`-keystore') |
| userdebug_or_eng(`-llkd') |
| userdebug_or_eng(`-logd') |
| userdebug_or_eng(`-vold') |
| }:process { signal sigstop sigkill }; |
| # Build-time assertion: no allow rule may give crash_dump the ptrace permission |
| # on its own process; a conflicting rule makes policy compilation fail. |
| neverallow crash_dump self:process ptrace; |
| # Build-time assertion: crash_dump may hold no permission at all (the * wildcard) |
| # on character devices labelled gpu_device. |
| # NOTE(review): the rationale is not stated in this excerpt - consider recording |
| # why GPU device nodes are off limits for the crash dumper. |
| neverallow crash_dump gpu_device:chr_file *; |
| # Read ART APEX data directory |
| # Directory access is limited to getattr and search: crash_dump can traverse to |
| # an already known path but, lacking the dir read permission, cannot list entries. |
| allow crash_dump apex_art_data_file:dir { getattr search }; |
| # r_file_perms is a macro defined outside this excerpt; presumably the read-only |
| # file permission set, so no write access is granted here - confirm against its definition. |
| allow crash_dump apex_art_data_file:file r_file_perms; |