From 63c7ad6efbf2e64a8e5d41be581d769cf6c5c413 Mon Sep 17 00:00:00 2001
From: Lorenzo Colitti <lorenzo@google.com>
Date: Mon, 26 Sep 2016 13:39:43 +0900
Subject: [PATCH] Allow dumpstate to run ss.

Bug: 23113288
Change-Id: I123e5d40955358665800fe3b86cd5f8dbaeb8717
---
 dumpstate.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/dumpstate.te b/dumpstate.te
index dda8a5871..94e8ffddf 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -136,6 +136,9 @@ control_logd(dumpstate)
 allow dumpstate net_data_file:dir search;
 allow dumpstate net_data_file:file r_file_perms;
 
+# List sockets via ss.
+allow dumpstate self:netlink_tcpdiag_socket { create_socket_perms nlmsg_read };
+
 # Access /data/tombstones.
 allow dumpstate tombstone_data_file:dir r_dir_perms;
 allow dumpstate tombstone_data_file:file r_file_perms;
-- 
GitLab