From a5066135eeb15ab4c61241689dca1fdfe3a19e05 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Tue, 7 Jan 2014 13:25:25 -0500
Subject: [PATCH] Fix denials triggered by adb shell screencap.

Change-Id: Ief925f1f49a6579d5a7a1035f3732834238fa590
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 dumpstate.te      | 2 +-
 surfaceflinger.te | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/dumpstate.te b/dumpstate.te
index 948131e67..e0fe4ceb8 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -71,5 +71,5 @@ allow dumpstate self:capability sys_ptrace;
 
 # Allow the bugreport service to create a file in
 # /data/data/com.android.shell/files/bugreports/bugreport
-allow dumpstate shell_data_file:dir rw_dir_perms;
+allow dumpstate shell_data_file:dir create_dir_perms;
 allow dumpstate shell_data_file:file create_file_perms;
diff --git a/surfaceflinger.te b/surfaceflinger.te
index eb7caebef..e926bc89c 100644
--- a/surfaceflinger.te
+++ b/surfaceflinger.te
@@ -42,4 +42,5 @@ allow surfaceflinger bootanim:fd use;
 
 # Allow a dumpstate triggered screenshot
 binder_call(surfaceflinger, dumpstate)
+binder_call(surfaceflinger, shell)
 allow surfaceflinger shell_data_file:file write;
-- 
GitLab