    Add screencap domain. · 9216a6ad
    Steven Moreland authored
    Only seeing this denial in permissive:
    allow shell screencap_exec:file getattr;
    
    Bug: 37565047
    Test: adb shell screencap w/o root
    Test: cts-tradefed run cts-dev --module CtsAadbHostTestCases
    Merged-In: I9f31d2067e002e7042646ee38dbfc06687481ac7
    Change-Id: I9f31d2067e002e7042646ee38dbfc06687481ac7
    9216a6ad
dumpstate.te 949 B
# Policy rules for the dumpstate domain.
# The macros used below (init_daemon_domain, domain_auto_trans, binder_call,
# get_prop) and the *_perms permission sets are defined outside this file;
# notes about what they expand to are hedged accordingly.

# Associate the dumpstate type with the coredomain attribute.
typeattribute dumpstate coredomain;

# Presumably sets up the automatic transition from init into this domain when
# the dumpstate binary is executed - confirm against the macro definition.
init_daemon_domain(dumpstate)

# Execute and transition to the vdc domain
domain_auto_trans(dumpstate, vdc_exec, vdc)

# Acquire advisory lock on /system/etc/xtables.lock from ip[6]tables
# Only `lock` is granted, but on the broad system_file type rather than on a
# type dedicated to the lock file.
allow dumpstate system_file:file lock;

# TODO: deal with tmpfs_domain pub/priv split properly
# NOTE(review): this grants execute on files labelled dumpstate_tmpfs. If the
# domain can also write that type (not visible in this file), the pair amounts
# to writable + executable content; re-check whether the rule is still needed
# when the TODO above is resolved.
allow dumpstate dumpstate_tmpfs:file execute;

# systrace support - allow atrace to run
# Directory listing plus read/write on the tracing files, and getattr only on
# the trace marker.
allow dumpstate debugfs_tracing:dir r_dir_perms;
allow dumpstate debugfs_tracing:file rw_file_perms;
allow dumpstate debugfs_trace_marker:file getattr;
# No domain transition is declared in this file for atrace_exec or
# storaged_exec, so as far as this file shows these binaries run with
# dumpstate's own permissions (contrast with vdc and screencap, which get
# their own domains).
allow dumpstate atrace_exec:file rx_file_perms;
allow dumpstate storaged_exec:file rx_file_perms;

# Allow dumpstate to make binder calls to storaged service
binder_call(dumpstate, storaged)

# Collect metrics on boot time created by init
get_prop(dumpstate, boottime_prop)

# Use screencap
# screencap is entered through an automatic transition on exec of
# screencap_exec, so it is confined by the screencap domain's rules instead of
# running with dumpstate's permissions.
domain_auto_trans(dumpstate, screencap_exec, screencap)
# Lets dumpstate send signals to processes in the screencap domain. The
# `signal` permission does not cover SIGKILL, SIGSTOP or SIGCHLD, which have
# separate permissions (sigkill, sigstop, sigchld). Presumably used to stop a
# screencap that hangs - confirm against the dumpstate source.
allow dumpstate screencap:process signal;