Merge "Add dropbox entries as files to dumpstate ZIP."

private/domain.te

@@ -223,8 +223,18 @@ neverallow {
 
 # System_server owns dropbox data, and init creates/restorecons the directory
 # Disallow direct access by other processes.
-neverallow { domain -init -system_server } dropbox_data_file:dir *;
-neverallow { domain -init -system_server } dropbox_data_file:file ~{ getattr read };
+neverallow {
+  domain
+  -init
+  -system_server
+  userdebug_or_eng(`-dumpstate')
+} dropbox_data_file:dir *;
+neverallow {
+  domain
+  -init
+  -system_server
+  userdebug_or_eng(`-dumpstate')
+} dropbox_data_file:file ~{ getattr read };
 
 ###
 # Services should respect app sandboxes

private/dumpstate.te

@@ -27,6 +27,12 @@ userdebug_or_eng(`
   allow dumpstate wm_trace_data_file:file r_file_perms;
 ')
 
+# /data/system/dropbox for dropbox entries
+userdebug_or_eng(`
+  allow dumpstate dropbox_data_file:dir r_dir_perms;
+  allow dumpstate dropbox_data_file:file r_file_perms;
+')
+
 # Allow dumpstate to make binder calls to incidentd
 binder_call(dumpstate, incidentd)