From ddde8c29336e1938d6a995cb78e53f300ec6be77 Mon Sep 17 00:00:00 2001
From: dcashman <dcashman@google.com>
Date: Wed, 12 Mar 2014 10:27:02 -0700
Subject: [PATCH] Allow adbd access to gpu_device.

Addresses denials seen when attempting to take a screencaputre from ddms:
<5>[ 1232.327360] type=1400 audit(1393354131.695:41): avc:  denied  { read write } for  pid=18487 comm="screencap" name="nvhost-ctrl" dev="tmpfs" ino=4035 scontext=u:r:adbd:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file

Bug: 13188914
Change-Id: I758e4f87ab024035604d47eebae7f89f21ea1e3e
---
 adbd.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/adbd.te b/adbd.te
index cda54142d..76cc4b1d5 100644
--- a/adbd.te
+++ b/adbd.te
@@ -50,6 +50,8 @@ unix_socket_connect(adbd, vold, vold)
 # XXX Run screencap in a separate domain?
 binder_use(adbd)
 binder_call(adbd, surfaceflinger)
+# b/13188914
+allow adbd gpu_device:chr_file rw_file_perms;
 
 # Read /data/misc/adb/adb_keys.
 allow adbd adb_keys_file:dir search;
-- 
GitLab