From d4e094e2b1a47c1fea1799d9fade19e953a7ca1b Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Wed, 13 Jun 2018 22:10:37 -0700
Subject: [PATCH] crash_dump: disallow ptrace of TCB components

Remove permissions.

Bug: 110107376
Test: kill -6 <components excluded from ptrace>
Change-Id: If8b9c932af03a551e40e786d591544ecdd4e5c98
Merged-In: If8b9c932af03a551e40e786d591544ecdd4e5c98
(cherry picked from commit f1554f1588eab05eca7eb7ccba41d5955a563837)
(cherry picked from commit 573d333589bd1bac02e35f0bd6958758ca65ae9e)
---
 prebuilts/api/28.0/private/crash_dump.te | 13 +++++++++++++
 prebuilts/api/28.0/public/crash_dump.te  |  8 --------
 private/crash_dump.te                    | 13 +++++++++++++
 public/crash_dump.te                     |  8 --------
 4 files changed, 26 insertions(+), 16 deletions(-)

diff --git a/prebuilts/api/28.0/private/crash_dump.te b/prebuilts/api/28.0/private/crash_dump.te
index fb73f08a9..c3d2ed5bd 100644
--- a/prebuilts/api/28.0/private/crash_dump.te
+++ b/prebuilts/api/28.0/private/crash_dump.te
@@ -1 +1,14 @@
 typeattribute crash_dump coredomain;
+
+allow crash_dump {
+  domain
+  -bpfloader
+  -crash_dump
+  -init
+  -kernel
+  -keystore
+  -logd
+  -ueventd
+  -vendor_init
+  -vold
+}:process { ptrace signal sigchld sigstop sigkill };
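Review bot: The exclusion list in the new `allow crash_dump { domain -bpfloader … -vold }:process` rule is enforced only by subtraction and has no comment, so a later allow rule in another policy file could grant ptrace on one of these domains again without a build failure. If the per-domain policy files (not visible here) do not already assert this, a `neverallow crash_dump { bpfloader init kernel keystore logd ueventd vendor_init vold }:process ptrace;` next to the rule would enforce the intent at policy compile time. A comment above the rule such as `# TCB components are excluded: crash_dump must not ptrace or signal them.` would also record that the subtraction covers all five permissions, not only ptrace. The same point applies to the identical hunk in private/crash_dump.te.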
diff --git a/prebuilts/api/28.0/public/crash_dump.te b/prebuilts/api/28.0/public/crash_dump.te
index f778d2818..cd1e5a8e4 100644
--- a/prebuilts/api/28.0/public/crash_dump.te
+++ b/prebuilts/api/28.0/public/crash_dump.te
@@ -1,14 +1,6 @@
 type crash_dump, domain;
 type crash_dump_exec, exec_type, file_type;
 
-allow crash_dump {
-  domain
-  -init
-  -crash_dump
-  -keystore
-  -logd
-}:process { ptrace signal sigchld sigstop sigkill };
-
 # crash_dump might inherit CAP_SYS_PTRACE from a privileged process,
 # which will result in an audit log even when it's allowed to trace.
 dontaudit crash_dump self:global_capability_class_set { sys_ptrace };
diff --git a/private/crash_dump.te b/private/crash_dump.te
index fb73f08a9..c3d2ed5bd 100644
--- a/private/crash_dump.te
+++ b/private/crash_dump.te
@@ -1 +1,14 @@
 typeattribute crash_dump coredomain;
+
+allow crash_dump {
+  domain
+  -bpfloader
+  -crash_dump
+  -init
+  -kernel
+  -keystore
+  -logd
+  -ueventd
+  -vendor_init
+  -vold
+}:process { ptrace signal sigchld sigstop sigkill };
diff --git a/public/crash_dump.te b/public/crash_dump.te
index f778d2818..cd1e5a8e4 100644
--- a/public/crash_dump.te
+++ b/public/crash_dump.te
@@ -1,14 +1,6 @@
 type crash_dump, domain;
 type crash_dump_exec, exec_type, file_type;
 
-allow crash_dump {
-  domain
-  -init
-  -crash_dump
-  -keystore
-  -logd
-}:process { ptrace signal sigchld sigstop sigkill };
-
 # crash_dump might inherit CAP_SYS_PTRACE from a privileged process,
 # which will result in an audit log even when it's allowed to trace.
 dontaudit crash_dump self:global_capability_class_set { sys_ptrace };
-- 
GitLab