1*e4a36f41SAndroid Build Coastguard Workertype lpdumpd, domain, coredomain; 2*e4a36f41SAndroid Build Coastguard Workertype lpdumpd_exec, system_file_type, exec_type, file_type; 3*e4a36f41SAndroid Build Coastguard Worker 4*e4a36f41SAndroid Build Coastguard Workerinit_daemon_domain(lpdumpd) 5*e4a36f41SAndroid Build Coastguard Worker 6*e4a36f41SAndroid Build Coastguard Worker# Allow lpdumpd to register itself as a service. 7*e4a36f41SAndroid Build Coastguard Workerbinder_use(lpdumpd) 8*e4a36f41SAndroid Build Coastguard Workeradd_service(lpdumpd, lpdump_service) 9*e4a36f41SAndroid Build Coastguard Worker 10*e4a36f41SAndroid Build Coastguard Worker# Allow lpdumpd to find the super partition block device. 11*e4a36f41SAndroid Build Coastguard Workerallow lpdumpd block_device:dir r_dir_perms; 12*e4a36f41SAndroid Build Coastguard Worker 13*e4a36f41SAndroid Build Coastguard Worker# Allow lpdumpd to read super partition metadata. 14*e4a36f41SAndroid Build Coastguard Workerallow lpdumpd super_block_device_type:blk_file r_file_perms; 15*e4a36f41SAndroid Build Coastguard Worker 16*e4a36f41SAndroid Build Coastguard Worker# Allow lpdumpd to read fstab. 17*e4a36f41SAndroid Build Coastguard Workerallow lpdumpd sysfs_dt_firmware_android:dir r_dir_perms; 18*e4a36f41SAndroid Build Coastguard Workerallow lpdumpd sysfs_dt_firmware_android:file r_file_perms; 19*e4a36f41SAndroid Build Coastguard Workerread_fstab(lpdumpd) 20*e4a36f41SAndroid Build Coastguard Worker 21*e4a36f41SAndroid Build Coastguard Worker### Neverallow rules 22*e4a36f41SAndroid Build Coastguard Worker 23*e4a36f41SAndroid Build Coastguard Worker# Disallow other domains to get lpdump_service and call lpdumpd. 24*e4a36f41SAndroid Build Coastguard Workerneverallow { 25*e4a36f41SAndroid Build Coastguard Worker domain 26*e4a36f41SAndroid Build Coastguard Worker -dumpstate 27*e4a36f41SAndroid Build Coastguard Worker -lpdumpd 28*e4a36f41SAndroid Build Coastguard Worker -shell 29*e4a36f41SAndroid Build Coastguard Worker} lpdump_service:service_manager find; 30*e4a36f41SAndroid Build Coastguard Worker 31*e4a36f41SAndroid Build Coastguard Workerneverallow { 32*e4a36f41SAndroid Build Coastguard Worker domain 33*e4a36f41SAndroid Build Coastguard Worker -dumpstate 34*e4a36f41SAndroid Build Coastguard Worker -lpdumpd 35*e4a36f41SAndroid Build Coastguard Worker -shell 36*e4a36f41SAndroid Build Coastguard Worker -servicemanager 37*e4a36f41SAndroid Build Coastguard Worker} lpdumpd:binder call; 38