Ensure taking a bugreport generates no denials.

This commit adds new SELinux permissions and neverallow rules so that
taking a bugreport does not produce any denials.

Bug: 73256908
Test: Captured bugreports on Sailfish and Walleye and verified
that there were no denials.

Merged-In: If3f2093a2b51934938e3d7e5c42036b2e2bf6de9
Change-Id: I10882e7adda0bb51bf373e0e62fda0acc8ad34eb

private/dumpstate.te

@@ -38,3 +38,10 @@ get_prop(dumpstate, boottime_prop)
 allow dumpstate {
   statsd
 }:process signal;
+
+# For collecting bugreports.
+allow dumpstate debugfs_wakeup_sources:file r_file_perms;
+allow dumpstate dev_type:blk_file getattr;
+allow dumpstate webview_zygote:process signal;
+dontaudit dumpstate perfprofd:binder call;
+dontaudit dumpstate update_engine:binder call;

private/installd.te

@@ -16,3 +16,7 @@ domain_auto_trans(installd, idmap_exec, idmap)
 
 # Create /data/.layout_version.* file
 type_transition installd system_data_file:file install_data_file;
+
+# For collecting bugreports.
+allow installd dumpstate:fd use;
+allow installd dumpstate:fifo_file r_file_perms;

private/storaged.te

@@ -53,6 +53,9 @@ allow storaged package_native_service:service_manager find;
 # running as root. See b/35323867 #3.
 dontaudit storaged self:global_capability_class_set dac_override;
 
+# For collecting bugreports.
+allow storaged dumpstate:fifo_file write;
+
 ###
 ### neverallow
 ###

vendor/hal_camera_default.te

@@ -5,3 +5,7 @@ type hal_camera_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_camera_default)
 
 allow hal_camera_default fwk_sensor_hwservice:hwservice_manager find;
+
+# For collecting bugreports.
+allow hal_camera_default dumpstate:fd use;
+allow hal_camera_default dumpstate:fifo_file write;