PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow dumpsys

Browse Source 
Allow adb shell to run dumpsys.

Addresses the following denials:

23.720402   type=1400 audit(1387473582.512:12): avc:  denied  { read write } for  pid=1469 comm="dumpsys" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:system_server:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file
23.862719   type=1400 audit(1387473582.652:13): avc:  denied  { getattr } for  pid=696 comm="Binder_3" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:system_server:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file

Change-Id: I6c56f9267d769d579514dca3cfde8d5a99170456
This commit is contained in:
Nick Kralevich 2013-12-19 18:18:32 -08:00
parent 13e44ec74d
commit 515389001d
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
binderservicedomain.te
View File

@ -1,5 +1,8 @@
# Rules common to all binder service domains
# Alow dumpstate to collect information from binder services
# Allow dumpstate to collect information from binder services
allow binderservicedomain dumpstate:fd use;
allow binderservicedomain dumpstate:unix_stream_socket { read write getopt getattr };
# Allow dumpsys to work from adb shell
allow binderservicedomain devpts:chr_file rw_file_perms;