From 515389001d68d201fbe325d8454a9916cad326ca Mon Sep 17 00:00:00 2001 From: Nick Kralevich <nnk@google.com> Date: Thu, 19 Dec 2013 18:18:32 -0800 Subject: [PATCH] Allow dumpsys Allow adb shell to run dumpsys. Addresses the following denials: 23.720402 type=1400 audit(1387473582.512:12): avc: denied { read write } for pid=1469 comm="dumpsys" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:system_server:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file 23.862719 type=1400 audit(1387473582.652:13): avc: denied { getattr } for pid=696 comm="Binder_3" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:system_server:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file Change-Id: I6c56f9267d769d579514dca3cfde8d5a99170456 --- binderservicedomain.te | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/binderservicedomain.te b/binderservicedomain.te index a67d5856e..cf2943da6 100644 --- a/binderservicedomain.te +++ b/binderservicedomain.te @@ -1,5 +1,8 @@ # Rules common to all binder service domains -# Alow dumpstate to collect information from binder services +# Allow dumpstate to collect information from binder services allow binderservicedomain dumpstate:fd use; allow binderservicedomain dumpstate:unix_stream_socket { read write getopt getattr }; + +# Allow dumpsys to work from adb shell +allow binderservicedomain devpts:chr_file rw_file_perms; -- GitLab