515389001d
Allow adb shell to run dumpsys.
Addresses the following denials:
23.720402 type=1400 audit(1387473582.512:12): avc: denied { read write } for pid=1469 comm="dumpsys" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:system_server:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file
23.862719 type=1400 audit(1387473582.652:13): avc: denied { getattr } for pid=696 comm="Binder_3" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:system_server:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file
Change-Id: I6c56f9267d769d579514dca3cfde8d5a99170456
8 lines
335 B
Text
8 lines
335 B
Text
# Rules common to all binder service domains
|
|
|
|
# Allow dumpstate to collect information from binder services
|
|
allow binderservicedomain dumpstate:fd use;
|
|
allow binderservicedomain dumpstate:unix_stream_socket { read write getopt getattr };
|
|
|
|
# Allow dumpsys to work from adb shell
|
|
allow binderservicedomain devpts:chr_file rw_file_perms;
|