Merge "Fix selinux denials during bugreport" into oc-mr1-dev

public/dumpstate.te

@@ -220,6 +220,20 @@ allow dumpstate ion_device:chr_file r_file_perms;
 # read default labeled files in /sys
 r_dir_file(dumpstate, sysfs)
 
+# Allow dumpstate to run top
+allow dumpstate proc_stat:file r_file_perms;
+
+# Allow dumpstate to read backlight details
+allow dumpstate sysfs_leds:lnk_file r_file_perms;
+allow dumpstate sysfs_leds:file r_file_perms;
+allow dumpstate sysfs_leds:dir search;
+
+# Allow dumpstate to talk to installd over binder
+binder_call(dumpstate, installd);
+
+# Allow dumpstate to run ip xfrm policy
+allow dumpstate self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_read };
+
 ###
 ### neverallow rules
 ###