From b037a6c94b357c9a85d13dde548f5799c592c6ac Mon Sep 17 00:00:00 2001
From: dcashman <dcashman@google.com>
Date: Mon, 25 Jan 2016 16:09:01 -0800
Subject: [PATCH] Add adbd socket perms to system_server.

Commit 2fdeab3789ec6e5ec6f7424abf41a9aaa73564b0 added ability to debug
over adbd for zygote-spawned apps, required by removal of domain_deprecated
from untrusted_app.  This functionality is a core debugabble component
of the android runtime, so it is needed by system_server as well.

Bug: 26458796
Change-Id: I29f5390122b3644449a5c3dcf4db2d0e969f6a9a
---
 system_server.te | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/system_server.te b/system_server.te
index d0cb2298c..eae67ed91 100644
--- a/system_server.te
+++ b/system_server.te
@@ -443,6 +443,12 @@ userdebug_or_eng(`
 allow system_server vold:fd use;
 allow system_server fuse_device:chr_file { read write ioctl };
 
+# Connect to adbd and use a socket transferred from it.
+# Used for e.g. jdwp.
+allow system_server adbd:unix_stream_socket connectto;
+allow system_server adbd:fd use;
+allow system_server adbd:unix_stream_socket { getattr getopt ioctl read write shutdown };
+
 ###
 ### Neverallow rules
 ###
-- 
GitLab