storaged: add permissions for dumpstate

The service "storaged" implememnts a dump() interface for dumpsys, and thus it needs to write its state to the fd provided by dumpstate. To correct this, and fix dumpstate, allow the permission. Fixes: avc: denied { use } for pid=3298 comm="dumpsys" path="pipe:[33470]" dev="pipefs" ino=33470 scontext=u:r:storaged:s0 tcontext=u:r:dumpstate:s0 tclass=fd permissive=0 Test: With a device that has storaged, issue the command: $ adb shell dumpstate Change-Id: I515e20f0328b6edc01ea2a7c53b1d3c4ca0e72ac Signed-off-by: William Roberts <william.c.roberts@intel.com>

storaged: add permissions for dumpstate
fd8f305b · William Roberts · 7f4b2ad5 · fd8f305b
Commit fd8f305b authored 7 years ago by William Roberts
--- a/private/storaged.te
+++ b/private/storaged.te
@@ -35,6 +35,9 @@ binder_call(storaged, system_server)
 allow storaged batteryproperties_service:service_manager find;
 binder_call(storaged, healthd)

+# Implements a dumpsys interface.
+allow storaged dumpstate:fd use;
+
 # Kernel does extra check on CAP_DAC_OVERRIDE for libbinder when storaged is
 # running as root. See b/35323867 #3.
 dontaudit storaged self:capability dac_override;