From 7218698d5a2689f3e8ec13845fda1d382d7d0631 Mon Sep 17 00:00:00 2001
From: Ray Essick <essick@google.com>
Date: Thu, 30 Mar 2017 11:37:06 -0700
Subject: [PATCH] allow media.metrics to write to file descriptor in /data

when GMSCore collects information for uploading via 'dumpsys
media.metrics', it provides the metrics service with a file descriptor
to hold the data, which is post-processed by the log collecting code
in GMScore.  This temp file lives in /data/, a place where our
restrictive policies for media.metrics doesn't allow any writing.

This relaxes the restrictions -- allowing media.metrics to
write to already open file descriptors it might be given on that
partition.

Bug: 36660639
Test: build/boot
Change-Id: Icbaa76b04ecf731014b6b1bb1283bc2951a6ae4b
---
 public/mediametrics.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/public/mediametrics.te b/public/mediametrics.te
index ce2dab722..4c10d878c 100644
--- a/public/mediametrics.te
+++ b/public/mediametrics.te
@@ -14,6 +14,9 @@ allow mediametrics system_server:fd use;
 r_dir_file(mediametrics, cgroup)
 allow mediametrics proc_meminfo:file r_file_perms;
 
+# allows interactions with dumpsys to GMScore
+allow mediametrics app_data_file:file write;
+
 ###
 ### neverallow rules
 ###
-- 
GitLab