From 676003cf3aa1b42c9efb7f287a507ebc40b51548 Mon Sep 17 00:00:00 2001
From: Chris Forbes <chrisforbes@google.com>
Date: Fri, 28 Apr 2017 10:10:36 -0700
Subject: [PATCH] allow surfaceflinger to use socket from adbd

Fixes `adb shell cmd gpu vkjson`, which was previously failing due to
surfaceflinger not being able to use the socket passed to it by adbd.

Bug: b/37157136
Test: run above command, verified on marlin + bullhead
Change-Id: I57fa7e99d5c3dc7bc7d033b83f8ce6032162d7d3
---
 private/surfaceflinger.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 3e91d2115..8e5892be8 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -52,6 +52,9 @@ set_prop(surfaceflinger, ctl_bootanim_prop)
 allow surfaceflinger appdomain:fd use;
 allow surfaceflinger app_data_file:file { read write };
 
+# Use socket supplied by adbd, for cmd gpu vkjson etc.
+allow surfaceflinger adbd:unix_stream_socket { read write getattr };
+
 # Allow a dumpstate triggered screenshot
 binder_call(surfaceflinger, dumpstate)
 binder_call(surfaceflinger, shell)
-- 
GitLab