Merge "dumpstate: assert no process ptrace" am: c1f8e9a0

am: 2a70c173 Change-Id: I81689fdf9a332a0d0ed645f207b1ac73731e77b3

Merge "dumpstate: assert no process ptrace" am: c1f8e9a0
am: 2a70c173 Change-Id: I81689fdf9a332a0d0ed645f207b1ac73731e77b3
8cdc9632 · Nick Kralevich · android-build-merger · 86bb63d1 · 2a70c173 · 8cdc9632
Commit 8cdc9632 authored 8 years ago by Nick Kralevich Committed by android-build-merger 8 years ago
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -195,6 +195,10 @@ add_service(dumpstate, dumpstate_service)
 ### neverallow rules
 ###

+# dumpstate has capability sys_ptrace, but should only use that capability for
+# accessing sensitive /proc/PID files, never for using ptrace attach.
+neverallow dumpstate *:process ptrace;
+
 # only system_server, dumpstate and shell can find the dumpstate service
 neverallow { domain -system_server -shell -dumpstate } dumpstate_service:service_manager find;