From c8ae8fa61680f4674b3eab99528e6cc2e40138f6 Mon Sep 17 00:00:00 2001
From: zhouwenjie <zhouwenjie@google.com>
Date: Fri, 25 Oct 2019 13:45:06 -0700
Subject: [PATCH] Enable incidentd access to ro.serialno

incident report contains similar data as in a bugreport, but in proto
format. Currently ro.serialno is not captured due to selinux settings.

Test: adb shell incident -p LOCAL 1000
Bug: 143372261
Change-Id: I6a89308c1347fba2ce4f7b469f9a02b119d4aeb7
---
 private/incidentd.te | 6 ++++++
 public/domain.te     | 1 +
 2 files changed, 7 insertions(+)

diff --git a/private/incidentd.te b/private/incidentd.te
index 0c57f0f0a..26f436ab0 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -150,6 +150,12 @@ allow incidentd { dumpstate incident }:fifo_file write;
 # Allow incident to call back to incident with status updates.
 binder_call(incidentd, incident)
 
+# Read device serial number from system properties
+# This is used to track reports from lab testing devices
+userdebug_or_eng(`
+  get_prop(incidentd, serialno_prop)
+')
+
 ###
 ### neverallow rules
 ###
diff --git a/public/domain.te b/public/domain.te
index 1773de5d4..9e9b02427 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -539,6 +539,7 @@ neverallow {
   -hal_camera_server
   -hal_cas_server
   -hal_drm_server
+  userdebug_or_eng(`-incidentd')
   -init
   -mediadrmserver
   -recovery