Allow dumpstate to call mediaswcodec over binder

This prevents denials while taking a bugreport.

Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t
android.security.cts.SELinuxHostTest#testNoBugreportDenials

Change-Id: I381b39fa127f82fcef5d820a04209fd1ba4f63cd
This commit is contained in:
Joel Galenson 2018-10-22 12:39:28 -07:00
parent faba431221
commit 33ded4a69b

View file

@ -278,6 +278,9 @@ dontaudit dumpstate apex_mnt_dir:dir getattr;
# Allow dumpstate to talk to bufferhubd over binder # Allow dumpstate to talk to bufferhubd over binder
binder_call(dumpstate, bufferhubd); binder_call(dumpstate, bufferhubd);
# Allow dumpstate to talk to mediaswcodec over binder
binder_call(dumpstate, mediaswcodec);
# Allow dumpstate to kill vendor dumpstate service by init # Allow dumpstate to kill vendor dumpstate service by init
set_prop(dumpstate, ctl_dumpstate_prop) set_prop(dumpstate, ctl_dumpstate_prop)