1typeattribute dumpstate coredomain; 2 3init_daemon_domain(dumpstate) 4 5# Execute and transition to the vdc domain 6domain_auto_trans(dumpstate, vdc_exec, vdc) 7 8# Acquire advisory lock on /system/etc/xtables.lock from ip[6]tables 9allow dumpstate system_file:file lock; 10 11allow dumpstate storaged_exec:file rx_file_perms; 12 13# /data/misc/wmtrace for wm traces 14userdebug_or_eng(` 15 allow dumpstate wm_trace_data_file:dir r_dir_perms; 16 allow dumpstate wm_trace_data_file:file r_file_perms; 17') 18 19# Allow dumpstate to make binder calls to incidentd 20binder_call(dumpstate, incidentd) 21 22# Allow dumpstate to make binder calls to storaged service 23binder_call(dumpstate, storaged) 24 25# Allow dumpstate to make binder calls to statsd 26binder_call(dumpstate, statsd) 27 28# Allow dumpstate to talk to gpuservice over binder 29binder_call(dumpstate, gpuservice); 30 31# Allow dumpstate to talk to idmap over binder 32binder_call(dumpstate, idmap); 33 34# Collect metrics on boot time created by init 35get_prop(dumpstate, boottime_prop) 36 37# Signal native processes to dump their stack. 38allow dumpstate { 39 statsd 40 netd 41}:process signal; 42 43# For collecting bugreports. 44allow dumpstate debugfs_wakeup_sources:file r_file_perms; 45allow dumpstate dev_type:blk_file getattr; 46allow dumpstate webview_zygote:process signal; 47dontaudit dumpstate update_engine:binder call; 48allow dumpstate proc_net_tcp_udp:file r_file_perms; 49 50# For comminucating with the system process to do confirmation ui. 51binder_call(dumpstate, incidentcompanion_service) 52 53# For dumping dynamic partition information. 54set_prop(dumpstate, lpdumpd_prop) 55binder_call(dumpstate, lpdumpd) 56 57# For dumping device-mapper and snapshot information. 58allow dumpstate gsid_exec:file rx_file_perms; 59set_prop(dumpstate, ctl_gsid_prop) 60binder_call(dumpstate, gsid) 61 62r_dir_file(dumpstate, ota_metadata_file) 63