dumpstate: assert no process ptrace

dumpstate has CAP_SYS_PTRACE solely for the purpose of reading sensitive /proc/PID files, not for using ptrace attach. Add an assert to ensure that's the case. Test: policy compiles. Change-Id: I975308fae3f8e9a039b9efdc0e9605192b405ce7

dumpstate: assert no process ptrace
dumpstate has CAP_SYS_PTRACE solely for the purpose of reading sensitive /proc/PID files, not for using ptrace attach. Add an assert to ensure that's the case. Test: policy compiles. Change-Id: I975308fae3f8e9a039b9efdc0e9605192b405ce7
6bae84a5 · Nick Kralevich · eebb73b5 · 6bae84a5
Commit 6bae84a5 authored 8 years ago by Nick Kralevich
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -195,6 +195,10 @@ add_service(dumpstate, dumpstate_service)
 ### neverallow rules
 ###
+# dumpstate has capability sys_ptrace, but should only use that capability for
+# accessing sensitive /proc/PID files, never for using ptrace attach.
+neverallow dumpstate *:process ptrace;
 # only system_server, dumpstate and shell can find the dumpstate service
 neverallow { domain -system_server -shell -dumpstate } dumpstate_service:service_manager find;