Allow dumpstate to open and read linkerconfig directory
To include linkerconfig results into dumpstate, dumpstate needs extra permission on lnkerconfig directory to search all items within the directory. This change allows dumpstate to have extra access on linkerconfig directory. Bug: 148840832 Test: tested from cuttlefish Change-Id: I955b54ec2cc3d1dcedaa34406e0e0776b6ac12f6
This commit is contained in:
Kiyoung Kim
parent
2b44078cac
commit
608029fb86
1 changed files with 3 additions and 0 deletions
|
|
@ -295,6 +295,9 @@ allow dumpstate self:netlink_generic_socket create_socket_perms_no_ioctl;
|
|||
# Allow dumpstate to run ss
|
||||
allow dumpstate { domain pdx_channel_socket_type pdx_endpoint_socket_type }:socket_class_set getattr;
|
||||
|
||||
# Allow dumpstate to read linkerconfig directory
|
||||
allow dumpstate linkerconfig_file:dir { read open };
|
||||
|
||||
# For when dumpstate runs df
|
||||
dontaudit dumpstate {
|
||||
mnt_vendor_file
|
||||
|
|
|
|||
Loading…
Reference in a new issue