Allow dumpstate to read symlink under dalvik-cache

This fixes the following policy violation: avc: denied { read } pid=30295 comm="app_process" tcontext=u:object_r:dalvikcache_data_file:s0 scontext=u:r:dumpstate:s0 tclass=lnk_file permissive=0 ppid=26813 pcomm="dumpstate" pgid=26813 pgcomm="dumpstate" See 0e32726 in app.te for a symmetrical change. Change-Id: Iecbccd5fd0046ec193f08b26f9db618dee7a80c1

Allow dumpstate to read symlink under dalvik-cache
This fixes the following policy violation: avc: denied { read } pid=30295 comm="app_process" tcontext=u:object_r:dalvikcache_data_file:s0 scontext=u:r:dumpstate:s0 tclass=lnk_file permissive=0 ppid=26813 pcomm="dumpstate" pgid=26813 pgcomm="dumpstate" See 0e32726 in app.te for a symmetrical change. Change-Id: Iecbccd5fd0046ec193f08b26f9db618dee7a80c1
9103c975 · Kazuki Nakayama · Johan Redestig · 983e2afe · 9103c975
Commit 9103c975 authored 10 years ago by Kazuki Nakayama Committed by Johan Redestig 9 years ago
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -88,6 +88,7 @@ allow dumpstate dumpstate_tmpfs:file execute;
 allow dumpstate self:process execmem;
 # For art.
 allow dumpstate dalvikcache_data_file:file execute;
+allow dumpstate dalvikcache_data_file:lnk_file r_file_perms;
 # Dumpstate calls screencap, which grabs a screenshot. Needs gpu access
 allow dumpstate gpu_device:chr_file rw_file_perms;