1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253 |
- typeattribute llkd coredomain;
- init_daemon_domain(llkd)
- get_prop(llkd, llkd_prop)
- allow llkd self:global_capability_class_set kill;
- userdebug_or_eng(`
- allow llkd self:global_capability_class_set sys_ptrace;
- allow llkd self:global_capability_class_set { dac_override dac_read_search };
- ')
- allow llkd self:global_capability_class_set ipc_lock;
- allow llkd domain:process sigkill;
- userdebug_or_eng(`
- allow llkd {
- domain
- -apexd
- -kernel
- -keystore
- -init
- -llkd
- -ueventd
- -vendor_init
- }:process ptrace;
- ')
- allow llkd domain:dir r_dir_perms;
- allow llkd domain:file r_file_perms;
- allow llkd domain:lnk_file read;
- allow llkd proc_hung_task:file rw_file_perms;
- allow llkd proc_sysrq:file w_file_perms;
- allow llkd kmsg_device:chr_file w_file_perms;
- neverallow { domain -init } llkd:process { dyntransition transition };
- neverallow { domain userdebug_or_eng(`-crash_dump') } llkd:process ptrace;
- neverallow * llkd:process noatsecure;
|