From bafbf8133015204ac1b9116ccd4235e8a615895c Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Fri, 14 Mar 2014 08:37:16 -0400
Subject: [PATCH] Allow system_server to read from log daemon.

Addresses denials such as:
avc:  denied  { write } for  pid=1797 comm="logcat" name="logdr" dev="tmpfs" ino=7523 scontext=u:r:system_server:s0 tcontext=u:object_r:logdr_socket:s0 tclass=sock_file
avc:  denied  { connectto } for  pid=1797 comm="logcat" path="/dev/socket/logdr" scontext=u:r:system_server:s0 tcontext=u:r:logd:s0 tclass=unix_stream_socket

Change-Id: Idc4f48519ca3d81125102e8f15f68989500f5e9e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 system_server.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/system_server.te b/system_server.te
index 76998a923..9938079d2 100644
--- a/system_server.te
+++ b/system_server.te
@@ -264,6 +264,9 @@ selinux_manage_policy(system_server)
 # (urge is to deprecate this long term)
 allow system_server zygote:unix_dgram_socket write;
 
+# Read from log daemon.
+read_logd(system_server)
+
 # Be consistent with DAC permissions. Allow system_server to write to
 # /sys/module/lowmemorykiller/parameters/adj
 # /sys/module/lowmemorykiller/parameters/minfree
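Review bot: The comment added above `read_logd(system_server)` does not record why system_server needs the log reader socket, which makes the grant hard to audit later. The denials in the commit message show `comm="logcat"` under `scontext=u:r:system_server:s0`, so the access appears to come from a logcat process running in system_server's own domain rather than from system_server code itself; the caller is not visible here. I would expand the comment to something like `# Read from log daemon: logcat runs in the system_server domain (no domain transition); see logdr_socket write / logd connectto denials.` The macro's definition is outside this hunk, so it is worth confirming that it grants only the two permissions in the quoted denials (`write` on `logdr_socket:sock_file` and `connectto` on `logd:unix_stream_socket`).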
-- 
GitLab