From bb9b4dd895f2be24f3a49444bf11470bfaf3dcc3 Mon Sep 17 00:00:00 2001
From: Lorenzo Colitti <lorenzo@google.com>
Date: Mon, 26 Sep 2016 13:39:43 +0900
Subject: [PATCH] Allow dumpstate to run ss.

(cherry picked from commit 63c7ad6efbf2e64a8e5d41be581d769cf6c5c413)

Bug: 23113288
Test: see http://ag/1476096
Change-Id: I3beb21f1af092c93eceb3d5115f823c1b993727d
---
 dumpstate.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/dumpstate.te b/dumpstate.te
index 29695b7dd..dd0a7e080 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -141,6 +141,9 @@ control_logd(dumpstate)
 allow dumpstate net_data_file:dir search;
 allow dumpstate net_data_file:file r_file_perms;
 
+# List sockets via ss.
+allow dumpstate self:netlink_tcpdiag_socket { create_socket_perms nlmsg_read };
+
 # Access /data/tombstones.
 allow dumpstate tombstone_data_file:dir r_dir_perms;
 allow dumpstate tombstone_data_file:file r_file_perms;