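# Transition to crash_dump when /system/bin/crash_dump* is executed.
# This occurs when the process crashes.
# domain_auto_trans makes the transition automatic on exec of a file labeled
# crash_dump_exec, so the dumper runs in the crash_dump domain rather than
# keeping the domain of the process that crashed.
domain_auto_trans(domain, crash_dump_exec, crash_dump);
# Every domain may deliver SIGCHLD to a crash_dump process.
# NOTE(review): presumably needed because crash_dump waits on the crashed
# process while attached to it; confirm against the crash_dump domain policy.
allow domain crash_dump:process sigchld;

# Limit ability to ptrace or read sensitive /proc/pid files of processes
# with other UIDs to these allowlisted domains.
# neverallow is a build-time assertion: policy compilation fails if any allow
# rule grants the sys_ptrace capability to a domain outside the exclusion list.
# It grants nothing by itself; each excluded domain still needs its own
# allow rule before it actually holds the capability.
# The perfprofd exclusion is wrapped in userdebug_or_eng, so on user builds
# perfprofd is covered by the assertion like every other domain.
neverallow {
  domain
  -vold
  -dumpstate
  -storaged
  -system_server
  userdebug_or_eng(`-perfprofd')
} self:capability sys_ptrace;

# Limit ability to generate hardware unique device ID attestations to priv_apps
# Build-time assertion over every target type (*): no domain other than
# priv_app may be allowed gen_unique_id on the keystore_key class.
# Adding an exclusion here lets more code request attestations that carry a
# hardware-unique device ID, so review any such change for privacy impact.
neverallow { domain -priv_app } *:keystore_key gen_unique_id;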