From 5919d1c86a2a1fea52f840ab30709048bd63f1f5 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 15 Jul 2013 11:41:24 -0700
Subject: [PATCH] domain.te: Temporarily work around debuggerd connection bug

For some reason, the debuggerd socket isn't getting properly
labeled. Work around this bug for now by allowing all domains
to connect to all unix stream sockets.

Bug: 9858255
Change-Id: If994e51b0201ea8cae46341efc76dc71a4e577c8
---
 domain.te | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/domain.te b/domain.te
index 4cf20eadb..ed519d474 100644
--- a/domain.te
+++ b/domain.te
@@ -30,9 +30,14 @@ allow domain adbd:unix_stream_socket connectto;
 allow domain adbd:fd use;
 allow domain adbd:unix_stream_socket { getattr read write shutdown };
 
-# Talk to debuggerd.
+###
+### Talk to debuggerd.
+###
 allow domain debuggerd:process sigchld;
 allow domain debuggerd:unix_stream_socket connectto;
+# b/9858255 - debuggerd sockets are not getting properly labeled.
+# TODO: Remove this temporary workaround.
+allow domain init:unix_stream_socket connectto;
 
 # Root fs.
 allow domain rootfs:dir r_dir_perms;
-- 
GitLab