Merge changes Icb6ea6ce,I89b546c7

am: 4bd0c6fc

Change-Id: Iacb037f79b4af9c2024fbb54484205b0bc2753c9

public/dumpstate.te

@@ -151,6 +151,7 @@ control_logd(dumpstate)
 read_runtime_log_tags(dumpstate)
 
 # Read files in /proc
+allow dumpstate proc_cmdline:file r_file_perms;
 allow dumpstate proc_meminfo:file r_file_perms;
 allow dumpstate proc_net:file r_file_perms;
 allow dumpstate proc_pagetypeinfo:file r_file_perms;
@@ -198,6 +199,16 @@ allow dumpstate {
   -vold_service
   -vr_hwc_service
 }:service_manager find;
+# suppress denials for services dumpstate should not be accessing.
+dontaudit dumpstate {
+  dumpstate_service
+  gatekeeper_service
+  incident_service
+  virtual_touchpad_service
+  vold_service
+  vr_hwc_service
+}:service_manager find;
+
 allow dumpstate servicemanager:service_manager list;
 allow dumpstate hwservicemanager:hwservice_manager list;
 

public/shell.te

@@ -106,12 +106,13 @@ allow shell dumpstate:binder call;
 hwbinder_use(shell)
 allow shell hwservicemanager:hwservice_manager list;
 
-# allow shell to look through /proc/ for ps, top, netstat
+# allow shell to look through /proc/ for lsmod, ps, top, netstat.
 r_dir_file(shell, proc)
 r_dir_file(shell, proc_net)
 allow shell proc_filesystems:file r_file_perms;
 allow shell proc_interrupts:file r_file_perms;
 allow shell proc_meminfo:file r_file_perms;
+allow shell proc_modules:file r_file_perms;
 allow shell proc_stat:file r_file_perms;
 allow shell proc_timer:file r_file_perms;
 allow shell proc_zoneinfo:file r_file_perms;