From d895b40f2ef71fe7a4197be90b1460f6475c5501 Mon Sep 17 00:00:00 2001
From: Steven Moreland <smoreland@google.com>
Date: Fri, 8 May 2020 14:28:54 -0700
Subject: [PATCH] servicemanager: add dump fd permissions

Getting hit when bugreport tries to dump this.

Fixes: 155835324
Test: adb bugreport, check denials
(cherry picked from commit b0fb5b44f8558146d7e287bd7d8b603226a1e31d)
Merged-In: I189aeba2d3a5dfafccb8f8a4db224db71820faca
Change-Id: Ic044f245d8fee9f7a49cf23f76961f7dedbb3d8b
---
 prebuilts/api/30.0/public/servicemanager.te | 2 ++
 public/servicemanager.te                    | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/prebuilts/api/30.0/public/servicemanager.te b/prebuilts/api/30.0/public/servicemanager.te
index 10347d913..85777f534 100644
--- a/prebuilts/api/30.0/public/servicemanager.te
+++ b/prebuilts/api/30.0/public/servicemanager.te
@@ -22,6 +22,8 @@ allow servicemanager service_contexts_file:file r_file_perms;
 not_full_treble(`allow servicemanager nonplat_service_contexts_file:file r_file_perms;')
 
 add_service(servicemanager, service_manager_service)
+allow servicemanager dumpstate:fd use;
+allow servicemanager dumpstate:fifo_file write;
 
 # Check SELinux permissions.
 selinux_check_access(servicemanager)
diff --git a/public/servicemanager.te b/public/servicemanager.te
index 10347d913..85777f534 100644
--- a/public/servicemanager.te
+++ b/public/servicemanager.te
@@ -22,6 +22,8 @@ allow servicemanager service_contexts_file:file r_file_perms;
 not_full_treble(`allow servicemanager nonplat_service_contexts_file:file r_file_perms;')
 
 add_service(servicemanager, service_manager_service)
+allow servicemanager dumpstate:fd use;
+allow servicemanager dumpstate:fifo_file write;
 
 # Check SELinux permissions.
 selinux_check_access(servicemanager)