Merge "Allow dumpstate to open and read linkerconfig directory"

2020-02-05 07:58:12 +00:00 · 2020-02-05 07:58:12 +00:00 · 7be9b32fdb
commit 7be9b32fdb
parent c98291c37c 608029fb86
1 changed files with 3 additions and 0 deletions
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@ -295,6 +295,9 @@ allow dumpstate self:netlink_generic_socket create_socket_perms_no_ioctl;
 # Allow dumpstate to run ss
 allow dumpstate { domain pdx_channel_socket_type pdx_endpoint_socket_type }:socket_class_set getattr;

+# Allow dumpstate to read linkerconfig directory
+allow dumpstate linkerconfig_file:dir { read open };
+
 # For when dumpstate runs df
 dontaudit dumpstate {
  mnt_vendor_file