From cf741dd7ff562041d1cc5ed8a5cd0969ff03f200 Mon Sep 17 00:00:00 2001
From: Martijn Coenen <maco@google.com>
Date: Thu, 6 Apr 2017 17:29:49 -0700
Subject: [PATCH] Allow 'su' domain access to vndbinder.

For example, for listing vndbinder services
using 'adb shell service -v list'

Test: adb shell service -v list
Bug: 36987120
Change-Id: Ibf3050710720ae4c920bc4807c9a90ba43717f3b
---
 public/su.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/public/su.te b/public/su.te
index 8cb386d4b..f410c4d81 100644
--- a/public/su.te
+++ b/public/su.te
@@ -10,6 +10,9 @@ userdebug_or_eng(`
   # Add su to various domains
   net_domain(su)
 
+  # grant su access to vndbinder
+  vndbinder_use(su)
+
   dontaudit su self:capability_class_set *;
   dontaudit su kernel:security *;
   dontaudit su kernel:system *;
@@ -34,6 +37,8 @@ userdebug_or_eng(`
   dontaudit su property_type:property_service *;
   dontaudit su property_type:file *;
   dontaudit su service_manager_type:service_manager *;
+  dontaudit su hwservice_manager_type:hwservice_manager *;
+  dontaudit su vndservice_manager_type:vndservice_manager *;
   dontaudit su servicemanager:service_manager list;
   dontaudit su keystore:keystore_key *;
   dontaudit su domain:drmservice *;
-- 
GitLab