1typeattribute dumpstate coredomain; 2 3init_daemon_domain(dumpstate) 4 5# Execute and transition to the vdc domain 6domain_auto_trans(dumpstate, vdc_exec, vdc) 7 8# Acquire advisory lock on /system/etc/xtables.lock from ip[6]tables 9allow dumpstate system_file:file lock; 10 11# TODO: deal with tmpfs_domain pub/priv split properly 12allow dumpstate dumpstate_tmpfs:file execute; 13 14# systrace support - allow atrace to run 15allow dumpstate debugfs_tracing:dir r_dir_perms; 16allow dumpstate debugfs_tracing:file rw_file_perms; 17allow dumpstate debugfs_tracing_debug:dir r_dir_perms; 18allow dumpstate debugfs_trace_marker:file getattr; 19allow dumpstate atrace_exec:file rx_file_perms; 20allow dumpstate storaged_exec:file rx_file_perms; 21 22# /data/misc/wmtrace for wm traces 23userdebug_or_eng(` 24 allow dumpstate wm_trace_data_file:dir r_dir_perms; 25 allow dumpstate wm_trace_data_file:file r_file_perms; 26') 27 28# Allow dumpstate to make binder calls to storaged service 29binder_call(dumpstate, storaged) 30 31# Allow dumpstate to make binder calls to statsd 32binder_call(dumpstate, statsd) 33 34# Collect metrics on boot time created by init 35get_prop(dumpstate, boottime_prop) 36 37# Signal native processes to dump their stack. 38allow dumpstate { 39 statsd 40}:process signal; 41 42# For collecting bugreports. 43allow dumpstate debugfs_wakeup_sources:file r_file_perms; 44allow dumpstate dev_type:blk_file getattr; 45allow dumpstate webview_zygote:process signal; 46dontaudit dumpstate perfprofd:binder call; 47dontaudit dumpstate update_engine:binder call; 48