From e7d136738fcd90346839b373bf3404d70c5334eb Mon Sep 17 00:00:00 2001
From: Christopher Ferris <cferris@google.com>
Date: Fri, 12 Sep 2014 21:59:05 -0700
Subject: [PATCH] Allow dumpstate to read /system/bin executables.

On 64 bit systems, it's necessary to read the /system/bin executables
elf header to determine if it's a 32 bit or 64 bit executable to
contact the correct debuggerd service.

Bug: 17487122

(cherry picked from commit 04f3d79077fca1d11097895f0f6dbd57b4afa6d0)

Change-Id: Ib7835ffac1811a5aef54a250689287c1666720ef
---
 dumpstate.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/dumpstate.te b/dumpstate.te
index e6128e936..63b323ace 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -103,6 +103,9 @@ allow dumpstate net_data_file:file r_file_perms;
 allow dumpstate tombstone_data_file:dir r_dir_perms;
 allow dumpstate tombstone_data_file:file r_file_perms;
 
+# Access /system/bin executables to determine type of executable.
+allow dumpstate {drmserver_exec mediaserver_exec sdcardd_exec surfaceflinger_exec}:file r_file_perms;
+
 service_manager_local_audit_domain(dumpstate)
 auditallow dumpstate {
     service_manager_type
-- 
GitLab