1typeattribute tombstoned coredomain; 2 3init_daemon_domain(tombstoned) 4 5get_prop(tombstoned, tombstone_config_prop) 6 7# Write to arbitrary pipes given to us. 8allow tombstoned domain:fd use; 9allow tombstoned domain:fifo_file write; 10 11allow tombstoned domain:dir r_dir_perms; 12allow tombstoned domain:file r_file_perms; 13allow tombstoned tombstone_data_file:dir rw_dir_perms; 14allow tombstoned tombstone_data_file:file { create_file_perms link }; 15 16# Changes for the new stack dumping mechanism. Each trace goes into a 17# separate file, and these files are managed by tombstoned. 18allow tombstoned anr_data_file:dir rw_dir_perms; 19allow tombstoned anr_data_file:file { append create getattr open link unlink }; 20 21### 22### Neverallow rules 23### 24 25neverallow { 26 domain 27 -init 28 -vendor_init 29 -dumpstate 30 -tombstoned 31} tombstone_config_prop:file no_rw_file_perms; 32