From 1c0c0102610352e17c6e680de7a48cea95f6f4d0 Mon Sep 17 00:00:00 2001 From: Stephen Smalley <sds@tycho.nsa.gov> Date: Thu, 6 Mar 2014 14:47:22 -0500 Subject: [PATCH] Allow system_app to start bugreport and to create /data/anr/traces.txt. Resolves denials such as: avc: denied { set } for property =ctl.bugreport scontext=u:r:system_app:s0 tcontext=u:object_r:ctl_default_prop:s0 tclass=property_service avc: denied { write } for pid=4415 comm=5369676E616C2043617463686572 name="anr" dev="dm-0" ino=358337 scontext=u:r:system_app:s0 tcontext=u:object_r:anr_data_file:s0 tclass=dir avc: denied { add_name } for pid=4415 comm=5369676E616C2043617463686572 name="traces.txt" scontext=u:r:system_app:s0 tcontext=u:object_r:anr_data_file:s0 tclass=dir avc: denied { create } for pid=4415 comm=5369676E616C2043617463686572 name="traces.txt" scontext=u:r:system_app:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file Change-Id: I71d0ede049136d72f28bdc85d52fcefa2f7d128f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 property.te | 1 + property_contexts | 1 + system_app.te | 5 +++++ 3 files changed, 7 insertions(+)
diff --git a/property.te b/property.te
index 9c6233c9e..c1dc2549c 100644
--- a/property.te
+++ b/property.te
@@ -9,6 +9,7 @@ type rild_prop, property_type;
 type ctl_default_prop, property_type;
 type ctl_dumpstate_prop, property_type;
 type ctl_rildaemon_prop, property_type;
+type ctl_bugreport_prop, property_type;
 type audio_prop, property_type;
 type security_prop, property_type;
 type bluetooth_prop, property_type;
diff --git a/property_contexts b/property_contexts
index 12fd108d0..08874c552 100644
--- a/property_contexts
+++ b/property_contexts
@@ -54,4 +54,5 @@ crypto. u:object_r:vold_prop:s0
 # ctl properties
 ctl.dumpstate u:object_r:ctl_dumpstate_prop:s0
 ctl.ril-daemon u:object_r:ctl_rildaemon_prop:s0
+ctl.bugreport u:object_r:ctl_bugreport_prop:s0
 ctl. u:object_r:ctl_default_prop:s0
diff --git a/system_app.te b/system_app.te
index 60398a2e8..25da88a39 100644
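Review bot: The new `ctl.bugreport` entry in property_contexts relabels that key for every caller, not only system_app, so it no longer falls through to the `ctl.` / `ctl_default_prop` line below it. The only setter this patch grants on `ctl_bugreport_prop` is system_app; any other domain that started bugreport through a `ctl_default_prop:property_service set` rule would presumably be denied after this change. The other .te files are not part of this patch, so that needs checking against the full policy (system_server is a likely candidate). If such a domain exists, it needs its own `allow <domain> ctl_bugreport_prop:property_service set;` in the same commit, with `<domain>` standing for whichever domain is found.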
--- a/system_app.te
+++ b/system_app.te
@@ -25,3 +25,8 @@ unix_socket_connect(system_app, property, init)
 allow system_app debug_prop:property_service set;
 allow system_app radio_prop:property_service set;
 allow system_app system_prop:property_service set;
+allow system_app ctl_bugreport_prop:property_service set;
+
+# Create /data/anr/traces.txt.
+allow system_app anr_data_file:dir ra_dir_perms;
+allow system_app anr_data_file:file create_file_perms;
-- GitLab
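Review bot: `create_file_perms` on `anr_data_file:file` grants more than the denials quoted in the commit message require. As that macro is defined in the policy's global macros (not part of this patch), it also carries read/write on existing files plus rename, setattr and unlink, so system_app gains access to traces written by other processes. The directory rule is `ra_dir_perms`, which as far as I know has no remove_name, so the rename/unlink part could not take effect anyway. Consider an explicit set such as `allow system_app anr_data_file:file { create open append getattr lock };` if testing shows it is sufficient, or extend the `# Create /data/anr/traces.txt.` comment to say why the full macro is needed. The `ctl_bugreport_prop` rule above it has no comment; `# Allow system_app to start the bugreport service.` would match the style of the one that follows.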