From 8950e7a25b7c082e2b19c624cdb69a19aebd9f46 Mon Sep 17 00:00:00 2001
From: Rambo Wang
Date: Wed, 12 Feb 2020 19:06:04 -0800
Subject: [PATCH] Allow system_app to interact with Dumpstate HAL

To let end user enable/disable the verbose vender logging, a developer option is added into Settings app which need directly interact with Dumpstate HAL. In the future, the same function may be added into SystemUI, eg. as a QuickSettings tile. To allow both Settings app and system.ui, system_app is the best candidate for the sepolicy change.

Bug: 148822215
Test: make && make RunSettingsRoboTests
Change-Id: Ic6ef497505719e07cc37518b78c9dc146cda2d2c
---
 private/system_app.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/private/system_app.te b/private/system_app.te
index e5d7d1845..9e2569649 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -78,6 +78,9 @@ binder_call(system_app, incidentd)
 # Allow system apps to interact with gpuservice
 binder_call(system_app, gpuservice)
 
+# Allow system app to interact with Dumpstate HAL
+hal_client_domain(system_app, hal_dumpstate)
+
 allow system_app servicemanager:service_manager list;
 # TODO: scope this down? Too broad?
 allow system_app {
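Review bot: The added `hal_client_domain(system_app, hal_dumpstate)` rule gives every process in the system_app domain client access to the whole Dumpstate HAL, while the stated need is only the Settings toggle for verbose vendor logging. The macro grants access at interface granularity, so anything narrower (for example keeping board dump collection away from ordinary system apps) would have to be enforced inside the HAL implementation. The comment above the rule does not record that purpose or scope; I would write it as `# Settings developer option toggles verbose vendor logging via the Dumpstate HAL (b/148822215); grants all system_app processes full client access to the HAL.` The description also names SystemUI as a future caller. If SystemUI runs in platform_app rather than system_app on this tree (worth confirming), this rule would not cover it and a separate grant would be needed then.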