Allow 'vdc' to be invoked with logwrapper.

Currently vdc emits logs to stderr, which makes sense for command line invocations, but when exec'ed they're silently dropped unless the caller uses logwrapper. avc: denied { read write } for path="/dev/pts/2" dev="devpts" ino=5 scontext=u:r:vdc:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file permissive=0 Bug: 25796509 Change-Id: Ib92e0a7f580b1934a9853a83684f95b24bdc355c

Allow 'vdc' to be invoked with logwrapper.
3ade7cef · Jeff Sharkey · 613f451e · 3ade7cef
Commit 3ade7cef authored 9 years ago by Jeff Sharkey
--- a/vdc.te
+++ b/vdc.te
@@ -21,3 +21,6 @@ allow vdc shell_data_file:file { write getattr };
 # Why?
 allow vdc dumpstate:unix_dgram_socket { read write };
+# vdc can be invoked with logwrapper, so let it write to pty
+allow vdc devpts:chr_file rw_file_perms;