From 3fa95acb1e3219652aa0f8d2a9269a9a785ef3b2 Mon Sep 17 00:00:00 2001
From: Andreas Gampe <agampe@google.com>
Date: Fri, 12 Jan 2018 09:39:20 -0800
Subject: [PATCH] Sepolicy: Allow perfprofd to contact dropbox

Give rights to call dropbox via binder.

Test: m
Test: manual
Change-Id: I968c432a27bc8fbe677a2dd03671908d555f9df6
---
 public/perfprofd.te | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/public/perfprofd.te b/public/perfprofd.te
index 1f4de3163..d4062aaf9 100644
--- a/public/perfprofd.te
+++ b/public/perfprofd.te
@@ -111,7 +111,11 @@ userdebug_or_eng(`
   allow perfprofd su:unix_stream_socket { read write getattr sendto };
   allow perfprofd su:fifo_file r_file_perms;
 
-  # For now, only allow su to communicate with us.
+  # Allow perfprofd to submit to dropbox.
+  allow perfprofd dropbox_service:service_manager find;
+  allow perfprofd system_server:binder call;
+
+  # Only servicemanager, su and systemserver can communicate.
   neverallow domain perfprofd:binder call;
-  neverallow perfprofd { domain -servicemanager -su }:binder call;
+  neverallow perfprofd { domain -servicemanager -su -system_server }:binder call;
 ')
-- 
GitLab