dumpstate: access /data/misc/logd

(cherry pick from commit 74541338) Bug: 27965066 Change-Id: Ia0690c544876e209e4c080b0e959f763b731c48a

dumpstate: access /data/misc/logd
3ea709be · Mark Salyzyn · 8a8770cd · 3ea709be · 3ea709be
Commit 3ea709be authored 8 years ago by Mark Salyzyn
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -117,6 +117,12 @@ allow dumpstate cache_recovery_file:file r_file_perms;
 allow dumpstate recovery_data_file:dir r_dir_perms;
 allow dumpstate recovery_data_file:file r_file_perms;
+# Access /data/misc/logd
+userdebug_or_eng(`
+  allow dumpstate misc_logd_file:dir r_dir_perms;
+  allow dumpstate misc_logd_file:file r_file_perms;
+')
 allow dumpstate { service_manager_type -gatekeeper_service -netd_service }:service_manager find;
 allow dumpstate servicemanager:service_manager list;

--- a/logd.te
+++ b/logd.te
@@ -62,6 +62,6 @@ neverallow logd { app_data_file system_data_file }:dir_file_class_set write;
 neverallow logd { file_type -logd_tmpfs userdebug_or_eng(` -misc_logd_file -coredump_file ') }:file { create write append };
 # logpersist is only allowed on userdebug/eng builds
-neverallow { domain userdebug_or_eng(`-logd -shell') } misc_logd_file:file no_rw_file_perms;
+neverallow { domain userdebug_or_eng(`-logd -shell -dumpstate') } misc_logd_file:file no_rw_file_perms;
 neverallow { domain userdebug_or_eng(`-logd') } misc_logd_file:dir { add_name link relabelfrom remove_name rename reparent rmdir write };
 neverallow { domain -init } misc_logd_file:dir create;