From fde0e02a2c961efcf7552c0ea95ad170bbf3e15f Mon Sep 17 00:00:00 2001
From: Josh Gao <jmgao@google.com>
Date: Wed, 19 Jul 2017 17:29:43 -0700
Subject: [PATCH] crash_dump_fallback: allow writing to system_server pipes.

Allow mediacodec/mediaextractor to write to system_server pipes during
ANR dumps.

Addresses the following denials:
avc: denied { write } for comm="mediaextractor" path="pipe:[1177610]" dev="pipefs" ino=1177610 scontext=u:r:mediaextractor:s0 tcontext=u:r:system_server:s0 tclass=fifo_file permissive=0
avc: denied { write } for comm="omx@1.0-service" path="pipe:[1175808]" dev="pipefs" ino=1175808 scontext=u:r:mediacodec:s0 tcontext=u:r:system_server:s0 tclass=fifo_file permissive=0

Bug: http://b/63801592
Test: treehugger
Change-Id: I944b1fa76c70402607ccd903be17dbddeaa73201
(cherry picked from commit 3c9b91977d4e0f06d53510429078291c08aff85c)
---
 public/te_macros | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/public/te_macros b/public/te_macros
index 48eb36644..c7802d5a7 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -474,8 +474,9 @@ userdebug_or_eng(`
 ')
 allow $1 anr_data_file:file append;
 allow $1 dumpstate:fd use;
-# TODO: Figure out why write is needed and remove.
+# TODO: Figure out why write is needed.
 allow $1 dumpstate:fifo_file { append write };
+allow $1 system_server:fifo_file { append write };
 allow $1 tombstoned:unix_stream_socket connectto;
 allow $1 tombstoned:fd use;
 allow $1 tombstoned_crash_socket:sock_file write;
-- 
GitLab