From 361ed7512de395192ca84e9f3eb2270729c9f37f Mon Sep 17 00:00:00 2001
From: dcashman <dcashman@google.com>
Date: Wed, 1 Apr 2015 11:17:20 -0700
Subject: [PATCH] Allow apps to dump meminfo to serial_console.

Executing dumpsys meminfo over the console shell requires that output go to the
console_device.  meminfo passes a fd to each application thread so that it can
do this in IApplicationThread.dumpMemInfo().  Allow use of this fd.

Addresses the following denial:
type=1400 audit(1426793987.944:4224): avc: denied { read write } for pid=1809 comm="Binder_4" path="/dev/console" dev="tmpfs" ino=5684 scontext=u:r:platform_app:s0 tcontext=u:object_r:console_device:s0 tclass=chr_file

Bug: 17135173
Change-Id: Id5340a1fb3c8dbf41bda427720c4a0047bc557fc
---
 app.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app.te b/app.te
index 8af62449c..4aad958b4 100644
--- a/app.te
+++ b/app.te
@@ -177,6 +177,8 @@ allow { appdomain -isolated_app } keystore:keystore_key { test get insert delete
 
 use_keystore({ appdomain -isolated_app })
 
+allow appdomain console_device:chr_file { read write };
+
 ###
 ### CTS-specific rules
 ###
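Review bot: the added `allow appdomain console_device:chr_file { read write };` line covers every appdomain, but the only denial cited in the commit message has scontext platform_app, and the rules just above it in this hunk deliberately use `{ appdomain -isolated_app }`. Unless isolated_app is also expected to write meminfo output to the console, consider the same exclusion here, or state in the commit message why the full attribute is needed. The rule also has no comment: a line above it saying that the fd is passed in by dumpsys meminfo through IApplicationThread.dumpMemInfo(), and that `open` is intentionally not granted so apps can only use an inherited fd, would keep the intent clear for whoever audits app.te later.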
-- 
GitLab