typeattribute dumpstate coredomain;

init_daemon_domain(dumpstate)

# Execute and transition to the vdc domain
domain_auto_trans(dumpstate, vdc_exec, vdc)

# Acquire advisory lock on /system/etc/xtables.lock from ip[6]tables
allow dumpstate system_file:file lock;

# TODO: deal with tmpfs_domain pub/priv split properly
allow dumpstate dumpstate_tmpfs:file execute;

# systrace support - allow atrace to run
allow dumpstate debugfs_tracing:dir r_dir_perms;
allow dumpstate debugfs_tracing:file rw_file_perms;
allow dumpstate debugfs_tracing_debug:dir r_dir_perms;
allow dumpstate debugfs_trace_marker:file getattr;
allow dumpstate atrace_exec:file rx_file_perms;
allow dumpstate storaged_exec:file rx_file_perms;

# /data/misc/wmtrace for wm traces
userdebug_or_eng(`
  allow dumpstate wm_trace_data_file:dir r_dir_perms;
  allow dumpstate wm_trace_data_file:file r_file_perms;
')

# Allow dumpstate to make binder calls to storaged service
binder_call(dumpstate, storaged)

# Allow dumpstate to make binder calls to statsd
binder_call(dumpstate, statsd)

# Collect metrics on boot time created by init
get_prop(dumpstate, boottime_prop)

# Signal native processes to dump their stack.
allow dumpstate {
  statsd
}:process signal;

# For collecting bugreports.
allow dumpstate debugfs_wakeup_sources:file r_file_perms;
allow dumpstate dev_type:blk_file getattr;
allow dumpstate webview_zygote:process signal;
dontaudit dumpstate perfprofd:binder call;
dontaudit dumpstate update_engine:binder call;