From 657470ac46315dc4296bb2bab8a75588d8478024 Mon Sep 17 00:00:00 2001
From: Joel Galenson <jgalenson@google.com>
Date: Wed, 5 Dec 2018 11:01:04 -0800
Subject: [PATCH] Allow dumpstate to call idmap over binder

This prevents denials while taking a bugreport.

Bug: 116711254
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t
android.security.cts.SELinuxHostTest#testNoBugreportDenials

Change-Id: I5414141a1557d71e3ac0cf5bc89529685e9069c3
---
 private/dumpstate.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/private/dumpstate.te b/private/dumpstate.te
index 5cba2cdf9..4f3dda6aa 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -34,6 +34,9 @@ binder_call(dumpstate, statsd)
 # Allow dumpstate to talk to gpuservice over binder
 binder_call(dumpstate, gpuservice);
 
+# Allow dumpstate to talk to idmap over binder
+binder_call(dumpstate, idmap);
+
 # Collect metrics on boot time created by init
 get_prop(dumpstate, boottime_prop)
 
-- 
GitLab