Allow system_server to read from log daemon.

Addresses denials such as: avc: denied { write } for pid=1797 comm="logcat" name="logdr" dev="tmpfs" ino=7523 scontext=u:r:system_server:s0 tcontext=u:object_r:logdr_socket:s0 tclass=sock_file avc: denied { connectto } for pid=1797 comm="logcat" path="/dev/socket/logdr" scontext=u:r:system_server:s0 tcontext=u:r:logd:s0 tclass=unix_stream_socket Change-Id: Idc4f48519ca3d81125102e8f15f68989500f5e9e Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Allow system_server to read from log daemon.
bafbf813 · Stephen Smalley · 6fe899a0 · bafbf813
Commit bafbf813 authored 11 years ago by Stephen Smalley
--- a/system_server.te
+++ b/system_server.te
@@ -264,6 +264,9 @@ selinux_manage_policy(system_server)
 # (urge is to deprecate this long term)
 allow system_server zygote:unix_dgram_socket write;

+# Read from log daemon.
+read_logd(system_server)
+
 # Be consistent with DAC permissions. Allow system_server to write to
 # /sys/module/lowmemorykiller/parameters/adj
 # /sys/module/lowmemorykiller/parameters/minfree