From fa281f5d7855414271b8bdcc2dbc34fdb06fa2f5 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Thu, 19 Mar 2015 11:18:03 -0700
Subject: [PATCH] procrank: fix procrank when run from dumpstate

Commit a191398812eb35be613541b3822a363919da8586 added a new
SELinux label to /system/xbin/procrank, which had the effect of
preventing dumpstate from executing procrank. Allow dumpstate
to execute procrank.

Bug: 18342188
Change-Id: If5b781db0d3af34912f3c803b7fa73d53120f3ba
---
 procrank.te | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/procrank.te b/procrank.te
index 06b33f8d8..680d5490b 100644
--- a/procrank.te
+++ b/procrank.te
@@ -5,9 +5,11 @@ userdebug_or_eng(`
   type procrank, domain, mlstrustedsubject;
 
   domain_auto_trans(shell, procrank_exec, procrank)
+  domain_auto_trans(dumpstate, procrank_exec, procrank)
   allow procrank self:capability sys_ptrace;
   allow procrank devpts:chr_file { read write getattr ioctl };
+  allow procrank dumpstate:unix_stream_socket { read write getattr };
   r_dir_file(procrank, domain)
-  allow procrank shell:fd use;
+  allow procrank { shell dumpstate }:fd use;
   allow procrank adbd:process sigchld;
 ')