Merge "dumpstate: assert no process ptrace" am: c1f8e9a0 am: 2a70c173

am: 8cdc9632 Change-Id: Iaa036444a7467f6d323c09e651899a8b06e78b69

Merge "dumpstate: assert no process ptrace" am: c1f8e9a0 am: 2a70c173
am: 8cdc9632 Change-Id: Iaa036444a7467f6d323c09e651899a8b06e78b69
1d6da113 · Nick Kralevich · android-build-merger · 67e91b13 · 8cdc9632 · 1d6da113
Commit 1d6da113 authored 8 years ago by Nick Kralevich Committed by android-build-merger 8 years ago
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -195,6 +195,10 @@ add_service(dumpstate, dumpstate_service)
 ### neverallow rules
 ###

+# dumpstate has capability sys_ptrace, but should only use that capability for
+# accessing sensitive /proc/PID files, never for using ptrace attach.
+neverallow dumpstate *:process ptrace;
+
 # only system_server, dumpstate and shell can find the dumpstate service
 neverallow { domain -system_server -shell -dumpstate } dumpstate_service:service_manager find;