From 9103c9751c939243d2844fbbaa1e107fe6fde02a Mon Sep 17 00:00:00 2001
From: Kazuki Nakayama <kazuki.x.nakayama@sonymobile.com>
Date: Mon, 23 Mar 2015 16:31:13 +0900
Subject: [PATCH] Allow dumpstate to read symlink under dalvik-cache

This fixes the following policy violation:
avc: denied { read } pid=30295 comm="app_process"
tcontext=u:object_r:dalvikcache_data_file:s0
scontext=u:r:dumpstate:s0 tclass=lnk_file
permissive=0 ppid=26813 pcomm="dumpstate"
pgid=26813 pgcomm="dumpstate"

See 0e32726 in app.te for a symmetrical
change.

Change-Id: Iecbccd5fd0046ec193f08b26f9db618dee7a80c1
---
 dumpstate.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dumpstate.te b/dumpstate.te
index cb38e0ba0..16050edb8 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -88,6 +88,7 @@ allow dumpstate dumpstate_tmpfs:file execute;
 allow dumpstate self:process execmem;
 # For art.
 allow dumpstate dalvikcache_data_file:file execute;
+allow dumpstate dalvikcache_data_file:lnk_file r_file_perms;
 
 # Dumpstate calls screencap, which grabs a screenshot. Needs gpu access
 allow dumpstate gpu_device:chr_file rw_file_perms;
-- 
GitLab