From 6f9b65aac76c5fd16e9e80d3523c719a71a4d016 Mon Sep 17 00:00:00 2001 From: Orion Hodson Date: Fri, 9 Jul 2021 14:54:27 +0100 Subject: [PATCH] Add get_prop(odsign_prop) to incidentd.te Prevents SELinux denial when capturing a bugreport. Bug: 192895524 Bug: 193084909 Bug: 193096842 Bug: 193097008 Bug: 193097511 Bug: 193097845 Bug: 193097886 Ignore-AOSP-First: cherry pick of https://r.android.com/1761447 Test: adb bugreport and check no denial in logcat. Change-Id: Ide5d95782929836cffc5b3921bffae3295773532 --- prebuilts/api/31.0/private/incidentd.te | 2 ++ private/incidentd.te | 2 ++ 2 files changed, 4 insertions(+) diff --git a/prebuilts/api/31.0/private/incidentd.te b/prebuilts/api/31.0/private/incidentd.te index e20e6ca8e..918ffda83 100644 --- a/prebuilts/api/31.0/private/incidentd.te +++ b/prebuilts/api/31.0/private/incidentd.te @@ -140,6 +140,8 @@ allow incidentd zygote_exec:file { rx_file_perms }; # Access the runtime feature flag properties. get_prop(incidentd, device_config_runtime_native_prop) get_prop(incidentd, device_config_runtime_native_boot_prop) +# Access odsign verification status. +get_prop(incidentd, odsign_prop) # ART locks profile files. allow incidentd system_file:file lock; # Incidentd should never exec from the memory (e.g. JIT cache). These denials are expected. diff --git a/private/incidentd.te b/private/incidentd.te index e20e6ca8e..918ffda83 100644 --- a/private/incidentd.te +++ b/private/incidentd.te @@ -140,6 +140,8 @@ allow incidentd zygote_exec:file { rx_file_perms }; # Access the runtime feature flag properties. get_prop(incidentd, device_config_runtime_native_prop) get_prop(incidentd, device_config_runtime_native_boot_prop) +# Access odsign verification status. +get_prop(incidentd, odsign_prop) # ART locks profile files. allow incidentd system_file:file lock; # Incidentd should never exec from the memory (e.g. JIT cache). These denials are expected.