Skip to content
Snippets Groups Projects
Normal view Permalink
tombstoned.te 908 B
Newer Older
  • Learn to ignore specific revisions
    • Josh Gao's avatar
    Introduce crash_dump debugging helper.
    Josh Gao committed
    1 2 3 4 5 6 7 8 9 10 11 12 
    # debugger interface
type tombstoned, domain, mlstrustedsubject;
type tombstoned_exec, exec_type, file_type;

# Write to arbitrary pipes given to us.
allow tombstoned domain:fd use;
allow tombstoned domain:fifo_file write;

allow tombstoned domain:dir r_dir_perms;
allow tombstoned domain:file r_file_perms;
allow tombstoned tombstone_data_file:dir rw_dir_perms;
allow tombstoned tombstone_data_file:file create_file_perms;
    Josh Gao's avatar
    tombstoned: temporarily allow write to anr_data_file.  
    Josh Gao committed
    13
    Narayan Kamath's avatar
    SEPolicy: Changes for new stack dumping scheme.  
    Narayan Kamath committed
    14 15 16 17 18 19 20 21 
    # TODO: Remove append / write permissions. They were temporarily
# granted due to a bug which appears to have been fixed.
allow tombstoned anr_data_file:file { append write };
auditallow tombstoned anr_data_file:file { append write };

# Changes for the new stack dumping mechanism. Each trace goes into a
# separate file, and these files are managed by tombstoned.
allow tombstoned anr_data_file:dir rw_dir_perms;
    Jeff Vander Stoep's avatar
    tombstoned: allow unlinking anr files  
    Jeff Vander Stoep committed
    22 
    allow tombstoned anr_data_file:file { create getattr open unlink };