diff options
| author | Nick Kralevich <nnk@google.com> | 2013-12-19 18:18:32 -0800 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2013-12-19 18:18:32 -0800 |
| commit | 515389001d68d201fbe325d8454a9916cad326ca (patch) | |
| tree | 734e40b449bbc287d5e99dcc439a7a1588297335 /binderservicedomain.te | |
| parent | 13e44ec74d326463213c4c01963c776a699467cb (diff) | |
| download | android_external_sepolicy-515389001d68d201fbe325d8454a9916cad326ca.tar.gz android_external_sepolicy-515389001d68d201fbe325d8454a9916cad326ca.tar.bz2 android_external_sepolicy-515389001d68d201fbe325d8454a9916cad326ca.zip | |
Allow dumpsys
Allow adb shell to run dumpsys.
Addresses the following denials:
23.720402 type=1400 audit(1387473582.512:12): avc: denied { read write } for pid=1469 comm="dumpsys" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:system_server:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file
23.862719 type=1400 audit(1387473582.652:13): avc: denied { getattr } for pid=696 comm="Binder_3" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:system_server:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file
Change-Id: I6c56f9267d769d579514dca3cfde8d5a99170456
Diffstat (limited to 'binderservicedomain.te')
| -rw-r--r-- | binderservicedomain.te | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/binderservicedomain.te b/binderservicedomain.te index a67d585..cf2943d 100644 --- a/binderservicedomain.te +++ b/binderservicedomain.te @@ -1,5 +1,8 @@ # Rules common to all binder service domains -# Alow dumpstate to collect information from binder services +# Allow dumpstate to collect information from binder services allow binderservicedomain dumpstate:fd use; allow binderservicedomain dumpstate:unix_stream_socket { read write getopt getattr }; + +# Allow dumpsys to work from adb shell +allow binderservicedomain devpts:chr_file rw_file_perms; |