From 0780f30c80740c3a19e70e9ffa25631e5b9a9ced Mon Sep 17 00:00:00 2001
From: dcashman <dcashman@google.com>
Date: Tue, 30 Dec 2014 15:21:50 -0800
Subject: [PATCH] Allow dumpstate and shell to list services.

Addresses the following denials:
avc:  denied  { list } for service=NULL scontext=u:r:shell:s0 tcontext=u:r:servicemanager:s0 tclass=service_manager
avc:  denied  { list } for service=NULL scontext=u:r:dumpstate:s0 tcontext=u:r:servicemanager:s0 tclass=service_manager

Bug: 18864737
Change-Id: I72bd2cd9663f1df9410c2139411038fa997bf1b4
---
 dumpstate.te | 2 ++
 shell.te     | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/dumpstate.te b/dumpstate.te
index df1506702..b1e746af0 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -118,3 +118,5 @@ allow dumpstate {
     system_app_service
     system_server_service
 }:service_manager find;
+
+allow dumpstate servicemanager:service_manager list;
diff --git a/shell.te b/shell.te
index 00e991b56..3e30adc85 100644
--- a/shell.te
+++ b/shell.te
@@ -55,3 +55,6 @@ allow shell debugfs:file r_file_perms;
 
 # allow shell to run dmesg
 allow shell kernel:system syslog_read;
+
+# allow shell to list services
+allow shell servicemanager:service_manager list;
-- 
GitLab