From 67d1f1ecf544d981a16fe8b780986f22b00add3d Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 20 Jun 2014 18:25:52 -0700
Subject: [PATCH] Allow dumpsys from serial console

Trying to run dumpsys from the serial console generates the
following errors:

  shell@device:/ # dumpsys power
  [ 3244.099015] binder: 2259:2259 transaction failed 29201, size 28-8
  [ 3244.099291] type=1400 audit(1403313679.642:12): avc: denied { read write } for pid=2259 comm="dumpsys" path="/dev/console" dev="tmpfs" ino=6188 scontext=u:r:system_server:s0 tcontext=u:object_r:console_device:s0 tclass=chr_file permissive=0
  Error dumping service info: (Unknown error -2147483646) power

and the operation fails. Allow binderservicedomains to perform
writes to /dev/console.

Bug: 15779131
Change-Id: Iff55ab09c3a4d40e12d49ff2308bf147f9cb6937
---
 binderservicedomain.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/binderservicedomain.te b/binderservicedomain.te
index db2f93ffa..2533fbef0 100644
--- a/binderservicedomain.te
+++ b/binderservicedomain.te
@@ -5,8 +5,9 @@ allow binderservicedomain dumpstate:fd use;
 allow binderservicedomain dumpstate:unix_stream_socket { read write getopt getattr };
 allow binderservicedomain shell_data_file:file { getattr write };
 
-# Allow dumpsys to work from adb shell
+# Allow dumpsys to work from adb shell or the serial console
 allow binderservicedomain devpts:chr_file rw_file_perms;
+allow binderservicedomain console_device:chr_file rw_file_perms;
 
 # Receive and write to a pipe received over Binder from an app.
 allow binderservicedomain appdomain:fd use;
-- 
GitLab