From b899f4fc33e93ad6ec3d81c39e17eae5ea2fef4f Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 7 Dec 2015 14:55:23 -0800
Subject: [PATCH] adbd: allow "adb pull /sdcard/"

The removal of domain_deprecated broke the ability for adbd to
pull files from /sdcard. Re-allow it.

Addresses the following denials:

  avc: denied { search } for pid=2753 comm=73657276696365203530 name="/" dev="tmpfs" ino=6242 scontext=u:r:adbd:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir permissive=0
  avc: denied { getattr } for pid=2755 comm=73657276696365203431 path="/sdcard" dev="rootfs" ino=5472 scontext=u:r:adbd:s0 tcontext=u:object_r:rootfs:s0 tclass=lnk_file permissive=0

Change-Id: I70257933f554abd008932c7f122dd0151f464b05
---
 adbd.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/adbd.te b/adbd.te
index a35d570b8..34c0ae9b5 100644
--- a/adbd.te
+++ b/adbd.te
@@ -35,6 +35,8 @@ allow adbd shell_data_file:dir create_dir_perms;
 allow adbd shell_data_file:file create_file_perms;
 
 # adb push/pull sdcard.
+allow adbd tmpfs:dir search;
+allow adbd rootfs:lnk_file r_file_perms;
 allow adbd sdcard_type:dir create_dir_perms;
 allow adbd sdcard_type:file create_file_perms;
 
-- 
GitLab