From ef8cf12fd5e267f4fe74adbdb3667d487e007ad6 Mon Sep 17 00:00:00 2001
From: Alan Stokes <alanstokes@google.com>
Date: Fri, 24 May 2024 08:56:08 +0000
Subject: [PATCH] Revert "Suppress denials for odsign console"

This reverts commit 8b80dacadcb4d633ddd799df21aa4b8a06c7ab4e.

Reason for revert: b/341649167
Bug: 293259827
Change-Id: I25183a11b2c522f475eceeadcde5bcc74c95ba56
---
 private/compos_verify.te | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/private/compos_verify.te b/private/compos_verify.te
index 99d645eb9..5b3615eea 100644
--- a/private/compos_verify.te
+++ b/private/compos_verify.te
@@ -15,10 +15,9 @@ allow compos_verify apex_compos_data_file:file { rw_file_perms create };
 allow compos_verify apex_art_data_file:dir search;
 allow compos_verify apex_art_data_file:file r_file_perms;
 
-# odsign runs us with its console as our stdin/stdout/stderr.
-# But we never use them; logs go to logcat. Suppress the useless denials.
-dontaudit compos_verify odsign:fd use;
-dontaudit compos_verify odsign_devpts:chr_file { read write };
+# Allow odsign to redirect our stdout/stderr to log
+allow compos_verify odsign:fd use;
+allow compos_verify odsign_devpts:chr_file { read write };
 
 # Only odsign can enter the domain via exec
 neverallow { domain -odsign } compos_verify:process transition;