Allow dumpstate to exec derive_sdk
derive_sdk is used to configure installed SDK extensions. It can also print debug information about these. Allow dumpstate to execute derive_sdk, to include the debug information in bugreports. Bug: 240656777 Test: adb bugreport /tmp/bugreport.zip && unzip -c /tmp/bugreport.zip bugreport*.txt | grep -i 'sdk extensions' Change-Id: I0f502f9f94a376dff2e7eb821f7bf753de2d5482
This commit is contained in:
Mårten Kongstad
parent
c4f84bcb37
commit
098e9094c3
2 changed files with 11 additions and 0 deletions
|
|
@ -10,3 +10,11 @@ allow derive_sdk apex_mnt_dir:dir r_dir_perms;
|
|||
# Prop rules: writable by derive_sdk, readable by bootclasspath (apps)
|
||||
set_prop(derive_sdk, module_sdkextensions_prop)
|
||||
neverallow { domain -init -derive_sdk } module_sdkextensions_prop:property_service set;
|
||||
|
||||
# Allow derive_sdk to write data back to dumpstate when forked from dumpstate.
|
||||
# The shell_data_file permissions are needed when a bugreport is taken:
|
||||
# dumpstate will redirect its stdout to a temporary shell_data_file:file, and
|
||||
# this makes derive_sdk append to that file.
|
||||
allow derive_sdk dumpstate:fd use;
|
||||
allow derive_sdk dumpstate:unix_stream_socket { read write };
|
||||
allow derive_sdk shell_data_file:file { getattr append read write };
|
||||
|
|
|
|||
|
|
@ -123,3 +123,6 @@ allow perfetto dumpstate:fd use;
|
|||
|
||||
# system_dlkm_file for /system_dlkm partition
|
||||
allow dumpstate system_dlkm_file:dir getattr;
|
||||
|
||||
# Allow dumpstate to execute derive_sdk in its own domain
|
||||
domain_auto_trans(dumpstate, derive_sdk_exec, derive_sdk)
|
||||
|
|
|
|||
Loading…
Reference in a new issue