SEPolicy: Allow app / system_server to write to dumpstate pipes. am: a34781ae am: 32c7000e

am: b25e8823 Change-Id: I778011a48800ace4d865813b148efcdd88d166bb

SEPolicy: Allow app / system_server to write to dumpstate pipes. am: a34781ae am: 32c7000e
bf7a5bd6 · Narayan Kamath · android-build-merger · 6d9f42f0 · b25e8823 · bf7a5bd6
Commit bf7a5bd6 authored 7 years ago by Narayan Kamath Committed by android-build-merger 7 years ago
--- a/private/app.te
+++ b/private/app.te
@@ -150,9 +150,13 @@ allow appdomain anr_data_file:file { open append };
 # domain socket.
 #
 # Allow apps to connect and write to the tombstoned java trace socket in
-# order to dump their traces.
+# order to dump their traces. Also allow them to append traces to pipes
+# created by dumptrace. (Also see the rules below where they are given
+# additional permissions to dumpstate pipes for other aspects of bug report
+# creation).
 unix_socket_connect(appdomain, tombstoned_java_trace, tombstoned)
 allow appdomain tombstoned:fd use;
+allow appdomain dumpstate:fifo_file append;
 # Allow apps to send dump information to dumpstate
 allow appdomain dumpstate:fd use;

--- a/private/system_server.te
+++ b/private/system_server.te
@@ -342,9 +342,11 @@ allow system_server anr_data_file:file create_file_perms;
 # domain socket.
 #
 # Allow system_server to connect and write to the tombstoned java trace socket in
-# order to dump its traces.
+# order to dump its traces. Also allow the system server to write its traces to
+# dumpstate during bugreport capture.
 unix_socket_connect(system_server, tombstoned_java_trace, tombstoned)
 allow system_server tombstoned:fd use;
+allow system_server dumpstate:fifo_file append;
 # Read /data/misc/incidents - only read. The fd will be sent over binder,
 # with no DAC access to it, for dropbox to read.