From 3ea709be8d0c257750b4a7cda3ed8c5f1037aa1e Mon Sep 17 00:00:00 2001
From: Mark Salyzyn <salyzyn@google.com>
Date: Fri, 1 Apr 2016 09:58:39 -0700
Subject: [PATCH] dumpstate: access /data/misc/logd

(cherry pick from commit 745413387aa8d0476536e6b25000636c7153e2a7)

Bug: 27965066
Change-Id: Ia0690c544876e209e4c080b0e959f763b731c48a
---
 dumpstate.te | 6 ++++++
 logd.te      | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/dumpstate.te b/dumpstate.te
index 688a91884..19b8adf64 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -117,6 +117,12 @@ allow dumpstate cache_recovery_file:file r_file_perms;
 allow dumpstate recovery_data_file:dir r_dir_perms;
 allow dumpstate recovery_data_file:file r_file_perms;
 
+# Access /data/misc/logd
+userdebug_or_eng(`
+  allow dumpstate misc_logd_file:dir r_dir_perms;
+  allow dumpstate misc_logd_file:file r_file_perms;
+')
+
 allow dumpstate { service_manager_type -gatekeeper_service -netd_service }:service_manager find;
 allow dumpstate servicemanager:service_manager list;
 
diff --git a/logd.te b/logd.te
index 7254e53c7..97bbd8be3 100644
--- a/logd.te
+++ b/logd.te
@@ -62,6 +62,6 @@ neverallow logd { app_data_file system_data_file }:dir_file_class_set write;
 neverallow logd { file_type -logd_tmpfs userdebug_or_eng(` -misc_logd_file -coredump_file ') }:file { create write append };
 
 # logpersist is only allowed on userdebug/eng builds
-neverallow { domain userdebug_or_eng(`-logd -shell') } misc_logd_file:file no_rw_file_perms;
+neverallow { domain userdebug_or_eng(`-logd -shell -dumpstate') } misc_logd_file:file no_rw_file_perms;
 neverallow { domain userdebug_or_eng(`-logd') } misc_logd_file:dir { add_name link relabelfrom remove_name rename reparent rmdir write };
 neverallow { domain -init } misc_logd_file:dir create;
-- 
GitLab