From 515389001d68d201fbe325d8454a9916cad326ca Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Thu, 19 Dec 2013 18:18:32 -0800
Subject: [PATCH] Allow dumpsys

Allow adb shell to run dumpsys.

Addresses the following denials:

23.720402   type=1400 audit(1387473582.512:12): avc:  denied  { read write } for  pid=1469 comm="dumpsys" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:system_server:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file
23.862719   type=1400 audit(1387473582.652:13): avc:  denied  { getattr } for  pid=696 comm="Binder_3" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:system_server:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file

Change-Id: I6c56f9267d769d579514dca3cfde8d5a99170456
---
 binderservicedomain.te | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/binderservicedomain.te b/binderservicedomain.te
index a67d5856e..cf2943da6 100644
--- a/binderservicedomain.te
+++ b/binderservicedomain.te
@@ -1,5 +1,8 @@
 # Rules common to all binder service domains
 
-# Alow dumpstate to collect information from binder services
+# Allow dumpstate to collect information from binder services
 allow binderservicedomain dumpstate:fd use;
 allow binderservicedomain dumpstate:unix_stream_socket { read write getopt getattr };
+
+# Allow dumpsys to work from adb shell
+allow binderservicedomain devpts:chr_file rw_file_perms;
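Review bot: The new `allow binderservicedomain devpts:chr_file rw_file_perms;` grants more than the two denials in the commit message ask for. They show only `read write` and `getattr` on an already-open `/dev/pts/0`, whereas `rw_file_perms` (defined outside this patch; in AOSP's global_macros it also carries `open`, `ioctl`, `lock` and `append`) would let every binder service domain open any pty labelled `devpts` itself. If dumpsys only ever uses the descriptor handed over by the caller, `allow binderservicedomain devpts:chr_file { getattr read write };` would cover the logged denials; add `ioctl` only if a further denial shows it is needed. The rule is also not tied to adb shell, since it applies to every `devpts` pty and to the whole attribute although only `system_server` appears in the logs, so the comment could say so: `# Allow binder services to write dumpsys output to the caller's pty (e.g. adb shell); fd is inherited, not opened here`.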
-- 
GitLab