Merge "Ensure taking a bugreport generates no denials."

2018-09-11 16:12:21 +00:00 · 2018-09-11 16:12:21 +00:00 · dc60253988
commit dc60253988
parent 7706f51fd3 e9ee9d86d0
1 changed files with 6 additions and 0 deletions
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@ -264,6 +264,12 @@ allow dumpstate self:netlink_socket create_socket_perms_no_ioctl;
 # newer kernels (e.g. 4.4) have a new class for sockets
 allow dumpstate self:netlink_generic_socket create_socket_perms_no_ioctl;

+# Allow dumpstate to run ss
+allow dumpstate { domain pdx_channel_socket_type pdx_endpoint_socket_type }:socket_class_set getattr;
+
+# For when dumpstate runs df
+dontaudit dumpstate mnt_vendor_file:dir search;
+
 # Allow dumpstate to kill vendor dumpstate service by init
 set_prop(dumpstate, ctl_dumpstate_prop)