From 5e8402df4322182bb4a5c8e61a13d916e4b34afe Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 7 Dec 2015 15:48:57 -0800
Subject: [PATCH] adbd: allow ddms screen capture to work again

The removal of domain_deprecated broke ddms screen capturing
functionality.

Steps to reproduce:

1) Run "ddms"
2) Select your device
3) Go to the Device > Screen Capture menu
4) Attempt to take a screenshot

Addresses the following denials:

  avc: denied { read } for pid=2728 comm="screencap" name="ion" dev="tmpfs" ino=7255 scontext=u:r:adbd:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file permissive=1
  avc: denied { open } for pid=2728 comm="screencap" name="ion" dev="tmpfs" ino=7255 scontext=u:r:adbd:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file permissive=1
  avc: denied { ioctl } for pid=2728 comm="screencap" path="/dev/ion" dev="tmpfs" ino=7255 ioctlcmd=4905 scontext=u:r:adbd:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file permissive=1
  avc: denied { read } for pid=5261 comm="screencap" name="egl" dev="dm-1" ino=210 scontext=u:r:adbd:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
  avc: denied { read } for pid=5261 comm="screencap" name="egl" dev="dm-1" ino=210 scontext=u:r:adbd:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0

Bug: 26023462
Change-Id: Ie77c65900de56756d5c9b99dcda1e20664151ed2
---
 adbd.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/adbd.te b/adbd.te
index 34c0ae9b5..07b64ac86 100644
--- a/adbd.te
+++ b/adbd.te
@@ -62,6 +62,8 @@ binder_use(adbd)
 binder_call(adbd, surfaceflinger)
 # b/13188914
 allow adbd gpu_device:chr_file rw_file_perms;
+allow adbd ion_device:chr_file r_file_perms;
+r_dir_file(adbd, system_file)
 
 # Read /data/misc/adb/adb_keys.
 allow adbd adb_keys_file:dir search;
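Review bot: `r_dir_file(adbd, system_file)` grants more than the denials quoted in the commit message show: the only system_file denial listed is `{ read }` on the `egl` directory (tclass=dir), while the macro also allows reading files and symlinks of that type. If listing the directory is all screencap needs, `allow adbd system_file:dir r_dir_perms;` would be the narrower rule; whether file read on system_file is already granted to adbd elsewhere in the policy is not visible in this hunk. The two new lines also carry no comment, unlike the `# b/13188914` above the gpu_device rule, so a later audit of adbd's permissions cannot tell why they exist; I would add `# Needed by screencap (runs in the adbd domain) for ddms screen capture. b/26023462` above them. Note as well that `r_file_perms` on ion_device includes ioctl with no restriction on the command, which is a wider grant than the single `ioctlcmd=4905` in the log and deserves a mention in that comment.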
-- 
GitLab