Merge "Fix denials during bugreport."

private/compat/28.0/28.0.cil

@@ -1538,6 +1538,7 @@
 (typeattributeset swap_block_device_28_0 (swap_block_device))
 (typeattributeset sysfs_28_0
   ( sysfs
+    sysfs_devices_block
     sysfs_extcon
     sysfs_loop))
 (typeattributeset sysfs_android_usb_28_0 (sysfs_android_usb))

private/genfs_contexts

@@ -111,6 +111,7 @@ genfscon sysfs /class/rtc                         u:object_r:sysfs_rtc:s0
 genfscon sysfs /class/switch                      u:object_r:sysfs_switch:s0
 genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0
 genfscon sysfs /devices/virtual/android_usb     u:object_r:sysfs_android_usb:s0
+genfscon sysfs /devices/virtual/block/            u:object_r:sysfs_devices_block:s0
 genfscon sysfs /devices/virtual/block/dm-       u:object_r:sysfs_dm:s0
 genfscon sysfs /devices/virtual/block/loop       u:object_r:sysfs_loop:s0
 genfscon sysfs /devices/virtual/block/zram0     u:object_r:sysfs_zram:s0

public/dumpstate.te

@@ -92,6 +92,7 @@ unix_socket_connect(dumpstate, tombstoned_intercept, tombstoned)
 allow dumpstate sysfs_type:dir r_dir_perms;
 
 allow dumpstate {
+  sysfs_devices_block
   sysfs_dm
   sysfs_loop
   sysfs_usb
@@ -102,6 +103,8 @@ allow dumpstate {
 allow dumpstate debugfs:file r_file_perms;
 auditallow dumpstate debugfs:file r_file_perms;
 
+allow dumpstate debugfs_mmc:file r_file_perms;
+
 # df for
 allow dumpstate {
   block_device

public/file.te

@@ -73,6 +73,7 @@ type sysfs_android_usb, fs_type, sysfs_type;
 type sysfs_uio, sysfs_type, fs_type;
 type sysfs_batteryinfo, fs_type, sysfs_type;
 type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_devices_block, fs_type, sysfs_type;
 type sysfs_dm, fs_type, sysfs_type;
 type sysfs_dt_firmware_android, fs_type, sysfs_type;
 type sysfs_extcon, fs_type, sysfs_type;