From cba41e5a06d894dd42d3521ddeadd11c2b6b55f1 Mon Sep 17 00:00:00 2001
From: Alex Klyubin <klyubin@google.com>
Date: Wed, 28 Dec 2016 17:44:33 -0800
Subject: [PATCH] Enable ADB shell access to ro.serialno

6e4508e625e29f1a782428447de142e96498b5e4 inadvertently removed access
to ro.serialno and ro.boot.serialno from ADB shell. This is needed for
CTS. This commit thus reinstates the access.

Test: adb shell getprop ro.serialno
Bug: 33700679
Change-Id: I62de44b1631c03fcd64ceabaf33bbaeb869c2851
---
 public/domain.te | 1 +
 public/shell.te  | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/public/domain.te b/public/domain.te
index 2bf0be312..af4d03e35 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -383,6 +383,7 @@ neverallow {
   -init
   -mediadrmserver
   -recovery
+  -shell
   -system_server
 } serialno_prop:file r_file_perms;
 
diff --git a/public/shell.te b/public/shell.te
index 2fe0fc741..5f7af0b48 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -72,6 +72,9 @@ userdebug_or_eng(`
   set_prop(shell, persist_debug_prop)
 ')
 
+# Read device's serial number from system properties
+get_prop(shell, serialno_prop)
+
 # allow shell access to services
 allow shell servicemanager:service_manager list;
 # don't allow shell to access GateKeeper service
-- 
GitLab