From e1ee768a97f41a8b925e9cdd74108f6962cffde0 Mon Sep 17 00:00:00 2001
From: Kangping Dong
Date: Fri, 1 Dec 2023 13:02:38 +0800
Subject: [PATCH] Fix dumpstate denials related to ot_daemon

Bug: 313794601
Test: atest android.security.cts.SELinuxHostTest#testNoBugreportDenials
Change-Id: I5dfa427e3c7ad99ec21392d2f219f14b66dd6256
---
 private/dumpstate.te | 4 ++++
 private/ot_daemon.te | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/private/dumpstate.te b/private/dumpstate.te
index a40d73c19..1faedb45f 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -62,6 +62,9 @@ binder_call(dumpstate, automotive_display_service)
 # Allow dumpstate to talk to virtual_camera service over binder
 binder_call(dumpstate, virtual_camera)
+# Allow dumpstate to talk to ot_daemon service over binder
+binder_call(dumpstate, ot_daemon)
+
 # Collect metrics on boot time created by init
 get_prop(dumpstate, boottime_prop)
@@ -71,6 +74,7 @@ allow dumpstate {
 statsd
 netd
 virtual_camera
+ ot_daemon
 }:process signal;
 # Only allow dumpstate to dump Keystore on debuggable builds.
diff --git a/private/ot_daemon.te b/private/ot_daemon.te
index 066d3d583..457e1bf2c 100644
--- a/private/ot_daemon.te
+++ b/private/ot_daemon.te
@@ -32,3 +32,7 @@ binder_call(ot_daemon, system_server)
 # Allow OT daemon to write to statsd
 unix_socket_send(ot_daemon, statsdw, statsd)
+
+# For collecting bugreports.
+allow ot_daemon dumpstate:fd use;
+allow ot_daemon dumpstate:fifo_file write;
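Review bot: The `ot_daemon` entry added to the `}:process signal;` set in the second dumpstate.te hunk lets dumpstate signal the daemon, which is a separate privilege from the binder call added in the hunk before it, and the commit message does not show a `signal` denial that would justify it. If the denials reported by `testNoBugreportDenials` were only for the binder call and the fd/fifo_file accesses, I would leave this line out; otherwise quote the avc lines in the description so the grant stays traceable. The `allow dumpstate {` block starts above the hunk, so whatever comment explains the criteria for being in that set is not visible here.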
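Review bot: The comment `# For collecting bugreports.` in ot_daemon.te does not say why these two rules are needed in addition to `binder_call(dumpstate, ot_daemon)`. As far as I know that macro grants `fd use` only to the calling side, so ot_daemon needs its own grant to use the descriptor dumpstate passes in and to write to the pipe behind it; I would say so, e.g. `# dumpstate passes its output pipe over binder; ot_daemon must use that fd and write to it.` Both rules are scoped to the `dumpstate` type and to `use`/`write` only, which is the right size. Binder services that get these rules through the `binderservicedomain` attribute also receive `getattr` on the fifo, so it is worth confirming that no dump path in ot_daemon stats the pipe before writing.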