09e6abd91b
Add the necessary rules to support dumpstate. Start off initially in permissive until it has more testing. Dumpstate is triggered by running "adb bugreport" Change-Id: Ic17a60cca1f6f40daa4f2c51e9ad6009ef36cfbd
19 lines
633 B
Text
19 lines
633 B
Text
# healthd seclabel is specified in init.rc since
|
|
# it lives in the rootfs and has no unique file type.
|
|
type healthd, domain;
|
|
type healthd_exec, exec_type, file_type;
|
|
|
|
init_daemon_domain(healthd)
|
|
allow healthd rootfs:file { read entrypoint };
|
|
write_klog(healthd)
|
|
|
|
allow healthd self:capability { net_admin mknod };
|
|
allow healthd self:capability2 block_suspend;
|
|
allow healthd self:netlink_kobject_uevent_socket create_socket_perms;
|
|
binder_use(healthd)
|
|
binder_service(healthd)
|
|
binder_call(healthd, system_server)
|
|
|
|
# Workaround for 0x10 / block_suspend capability2 denials.
|
|
# Requires a kernel patch to fix properly.
|
|
permissive healthd;
|