From 4af699ae3eb4c3cb7e8cd840f84da9c8aed50242 Mon Sep 17 00:00:00 2001
From: Tianjie Xu <xunchang@google.com>
Date: Wed, 11 Apr 2018 16:44:00 -0700
Subject: [PATCH] Allow dumpstate to read the update_engine logs

Denial message:
avc: denied { read } for pid=2775 comm="dumpstate" name="update_engine_log"
dev="sda35" ino=3850274 scontext=u:r:dumpstate:s0
tcontext=u:object_r:update_engine_log_data_file:s0 tclass=dir permissive=0

Bug: 78201703
Test: take a bugreport
Change-Id: I2c788c1211812aa0fcf58cee37a6e8f955424849
(cherry picked from commit 7d474279976191b6438974d9dbe2318daa4c92af)
---
 public/dumpstate.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/public/dumpstate.te b/public/dumpstate.te
index 8906f5dcf..4b7de4f10 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -190,6 +190,10 @@ allow dumpstate cache_recovery_file:file r_file_perms;
 allow dumpstate recovery_data_file:dir r_dir_perms;
 allow dumpstate recovery_data_file:file r_file_perms;
 
+#Access /data/misc/update_engine_log
+allow dumpstate update_engine_log_data_file:dir r_dir_perms;
+allow dumpstate update_engine_log_data_file:file r_file_perms;
+
 # Access /data/misc/profiles/{cur,ref}/
 userdebug_or_eng(`
   allow dumpstate user_profile_data_file:dir r_dir_perms;
-- 
GitLab