Skip to content
Snippets Groups Projects
Commit bfbe96ac authored by Tim Kryger's avatar Tim Kryger Committed by Gerrit Code Review
Browse files

Merge "Fix selinux denials during bugreport"

parents 275f6dd5 b7e1f2dd
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 14 additions and 0 deletions
public/dumpstate.te
+ 14
0
View file @ bfbe96ac
...@@ -214,6 +214,20 @@ allow dumpstate ion_device:chr_file r_file_perms; ...@@ -214,6 +214,20 @@ allow dumpstate ion_device:chr_file r_file_perms;
# read default labeled files in /sys # read default labeled files in /sys
r_dir_file(dumpstate, sysfs) r_dir_file(dumpstate, sysfs)
# Allow dumpstate to run top
allow dumpstate proc_stat:file r_file_perms;
# Allow dumpstate to read backlight details
allow dumpstate sysfs_leds:lnk_file r_file_perms;
allow dumpstate sysfs_leds:file r_file_perms;
allow dumpstate sysfs_leds:dir search;
# Allow dumpstate to talk to installd over binder
binder_call(dumpstate, installd);
# Allow dumpstate to run ip xfrm policy
allow dumpstate self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_read };
### ###
### neverallow rules ### neverallow rules
### ###
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment