From 06ac7dba370d0db83c8a9fa632e98fd293781d34 Mon Sep 17 00:00:00 2001
From: Kweku Adams <kwekua@google.com>
Date: Tue, 6 Mar 2018 17:42:35 -0800
Subject: [PATCH] Enabling incidentd to get top and ps data.

Bug: 72177715
Bug: 72384374
Test: flash device and make sure incidentd is getting data without SELinux denials
Change-Id: I684fe014e19c936017a466ec2d6cd2e1f03022c0
---
 private/incidentd.te | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/private/incidentd.te b/private/incidentd.te
index a887a6177..824dece28 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -31,6 +31,9 @@ allow incidentd proc_meminfo:file { open read };
 # section id 2004, allow reading /sys/devices/system/cpu/cpufreq/all_time_in_state
 allow incidentd sysfs_devices_system_cpu:file r_file_perms;
 
+# section id 2005, allow reading ps dump in full
+allow incidentd domain:process getattr;
+
 # section id 2006, allow reading /sys/class/power_supply/bms/battery_type
 allow incidentd sysfs_batteryinfo:dir { search };
 allow incidentd sysfs_batteryinfo:file r_file_perms;
@@ -42,6 +45,11 @@ allow incidentd incident_data_file:file create_file_perms;
 # Get process attributes
 # TODO allow incidentd domain:process getattr;
 
+# Read files in /proc
+allow incidentd {
+  proc_stat
+}:file r_file_perms;
+
 # Signal java processes to dump their stack and get the results
 # TODO allow incidentd { appdomain ephemeral_app system_server }:process signal;
 # TODO allow incidentd anr_data_file:dir create_dir_perms;
-- 
GitLab