From 886ba9c9ff8ea118b7eadbd19d3a7048358ba5c8 Mon Sep 17 00:00:00 2001
From: Joel Galenson <jgalenson@google.com>
Date: Mon, 7 Jan 2019 12:45:56 -0800
Subject: [PATCH] Allow dumpstate to read some directories.

This prevents denials while taking a bugreport.

Bug: 116711254
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t
android.security.cts.SELinuxHostTest#testNoBugreportDenials

Change-Id: I64f441eb66c355d03eaf7755f2e9d3e970305ecd
---
 public/dumpstate.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/public/dumpstate.te b/public/dumpstate.te
index 1c8bbb1e0..39ef87d85 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -205,6 +205,9 @@ userdebug_or_eng(`
   allow dumpstate misc_logd_file:file r_file_perms;
 ')
 
+allow dumpstate app_fuse_file:dir r_dir_perms;
+allow dumpstate overlayfs_file:dir r_dir_perms;
+
 allow dumpstate {
   service_manager_type
   -apex_service
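Review bot: The two new `allow` rules sit after the closing `')` of the `userdebug_or_eng` block (which opens outside this hunk), so they apply to user builds as well, and they grant full `r_dir_perms` on `app_fuse_file` and `overlayfs_file` directories with no comment recording which denial required them. If dumpstate only trips over these directories while walking mounts and does not need their contents in the bugreport, suppressing the audit grants less, e.g. `dontaudit dumpstate app_fuse_file:dir r_dir_perms;`. If the access really is needed, consider narrowing it to the permissions seen in the denial, for instance `allow dumpstate overlayfs_file:dir { getattr search };`; the denial is not shown here, so that set is a guess to check against the logged avc line. Either way, a comment above the rules such as `# Bugreport collection traverses these directories; see the avc denial in the linked bug.` would keep the reason reviewable.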
-- 
GitLab