-
ynwang authored
Allow storaged to read /proc/[pid]/io Grant binder access to storaged Add storaged service Grant storaged_exec access to dumpstate Grant storaged binder_call to dumpstate Bug: 32221677 Change-Id: Iecc9dba266c5566817a99ac6251eb943a0bac630
e68d2d2c
dumpstate.te 727 B
# type_transition must be private policy the domain_trans rules could stay
# public, but conceptually should go with this
init_daemon_domain(dumpstate)
# Execute and transition to the vdc domain
domain_auto_trans(dumpstate, vdc_exec, vdc)
# TODO: deal with tmpfs_domain pub/priv split properly
allow dumpstate dumpstate_tmpfs:file execute;
# systrace support - allow atrace to run
allow dumpstate debugfs_tracing:dir r_dir_perms;
allow dumpstate debugfs_tracing:file rw_file_perms;
allow dumpstate debugfs_trace_marker:file getattr;
allow dumpstate atrace_exec:file rx_file_perms;
allow dumpstate storaged_exec:file rx_file_perms;
# Allow dumpstate to make binder calls to storaged service
binder_call(dumpstate, storaged)