| type ramdump_exec, exec_type, vendor_file_type, file_type; |
| |
| userdebug_or_eng(` |
| type ramdump, domain; |
| init_daemon_domain(ramdump) |
| |
| set_prop(ramdump, vendor_ramdump_prop) |
| |
| # f2fs set pin file requires sys_admin |
| allow ramdump self:capability sys_admin; |
| |
| allow ramdump self:capability sys_rawio; |
| |
| allow ramdump ramdump_vendor_data_file:dir create_dir_perms; |
| allow ramdump ramdump_vendor_data_file:file create_file_perms; |
| allow ramdump proc_cmdline:file r_file_perms; |
| |
| allow ramdump block_device:dir search; |
| allow ramdump misc_block_device:blk_file rw_file_perms; |
| allow ramdump userdata_block_device:blk_file rw_file_perms; |
| |
| dontaudit ramdump metadata_file:dir search; |
| |
| r_dir_file(ramdump, sysfs_type) |
| |
| # To access statsd. |
| hwbinder_use(ramdump) |
| get_prop(ramdump, hwservicemanager_prop) |
| allow ramdump fwk_stats_hwservice:hwservice_manager find; |
| binder_call(ramdump, stats_service_server) |
| |
| # To implement fusefs (ramdumpfs) under /mnt/vendor/ramdump. |
| allow ramdump fuse:filesystem relabelfrom; |
| allow ramdump fuse_device:chr_file rw_file_perms; |
| allow ramdump mnt_vendor_file:dir r_dir_perms; |
| allow ramdump ramdump_vendor_mnt_file:dir { getattr mounton }; |
| allow ramdump ramdump_vendor_mnt_file:filesystem { mount unmount relabelfrom relabelto }; |
| ') |
