Merge "dumpstate: assert no process ptrace"

am: c1f8e9a0 Change-Id: I8b763f78a29561bddf6d80e3a59e39943a6340d3

Merge "dumpstate: assert no process ptrace"
am: c1f8e9a0 Change-Id: I8b763f78a29561bddf6d80e3a59e39943a6340d3
2a70c173 · Nick Kralevich · android-build-merger · 68a62bab · c1f8e9a0 · 2a70c173
Commit 2a70c173 authored 8 years ago by Nick Kralevich Committed by android-build-merger 8 years ago
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -195,6 +195,10 @@ add_service(dumpstate, dumpstate_service)
 ### neverallow rules
 ###

+# dumpstate has capability sys_ptrace, but should only use that capability for
+# accessing sensitive /proc/PID files, never for using ptrace attach.
+neverallow dumpstate *:process ptrace;
+
 # only system_server, dumpstate and shell can find the dumpstate service
 neverallow { domain -system_server -shell -dumpstate } dumpstate_service:service_manager find;