From 19a87733c59b53b7dec898a2d456be2e283ec100 Mon Sep 17 00:00:00 2001
From: Yifan Hong <elsk@google.com>
Date: Mon, 8 May 2017 14:38:45 -0700
Subject: [PATCH] Allow adbd and shell to read /proc/config.gz

for CTS device info collection purposes.

Bug: 28656227
Test: m cts -j && cts-tradefed run cts -m Gesture --test
android.gesture.cts.GestureTest#testGetStrokes

Change-Id: I8caf3580fb05fb489dc5abb917c8cb78cb089fb7
---
 private/adbd.te  | 3 +++
 private/shell.te | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/private/adbd.te b/private/adbd.te
index b402335a2..52597ebbf 100644
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -106,6 +106,9 @@ allow adbd seapp_contexts_file:file r_file_perms;
 allow adbd property_contexts_file:file r_file_perms;
 allow adbd sepolicy_file:file r_file_perms;
 
+# Allow pulling config.gz for CTS purposes
+allow adbd config_gz:file r_file_perms;
+
 allow adbd surfaceflinger_service:service_manager find;
 allow adbd bootchart_data_file:dir search;
 allow adbd bootchart_data_file:file r_file_perms;
diff --git a/private/shell.te b/private/shell.te
index c0b4ee5a7..fbd9676a7 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -7,6 +7,9 @@ allow shell tracing_shell_writable:file rw_file_perms;
 allow shell debugfs_trace_marker:file getattr;
 allow shell atrace_exec:file rx_file_perms;
 
+# read config.gz for CTS purposes
+allow shell config_gz:file r_file_perms;
+
 userdebug_or_eng(`
   allow shell tracing_shell_writable_debug:file rw_file_perms;
 ')
-- 
GitLab