From 33ded4a69b951e96ad834eb28bb58d402ba2a664 Mon Sep 17 00:00:00 2001
From: Joel Galenson <jgalenson@google.com>
Date: Mon, 22 Oct 2018 12:39:28 -0700
Subject: [PATCH] Allow dumpstate to call mediaswcodec over binder

This prevents denials while taking a bugreport.

Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t
android.security.cts.SELinuxHostTest#testNoBugreportDenials

Change-Id: I381b39fa127f82fcef5d820a04209fd1ba4f63cd
---
 public/dumpstate.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/public/dumpstate.te b/public/dumpstate.te
index 3b5c5eb29..72e2176ec 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -278,6 +278,9 @@ dontaudit dumpstate apex_mnt_dir:dir getattr;
 # Allow dumpstate to talk to bufferhubd over binder
 binder_call(dumpstate, bufferhubd);
 
+# Allow dumpstate to talk to mediaswcodec over binder
+binder_call(dumpstate, mediaswcodec);
+
 # Allow dumpstate to kill vendor dumpstate service by init
 set_prop(dumpstate, ctl_dumpstate_prop)
 
-- 
GitLab