From 4ea5709bc439346534ba06dd96e51f92ce02eb12 Mon Sep 17 00:00:00 2001
From: Hridya Valsaraju <hridya@google.com>
Date: Sun, 9 Feb 2020 15:12:09 -0800
Subject: [PATCH] Allow dumpstate access to /dev/binderfs/binder_logs

These permissions allow dumpstate to access binder logs
from /dev/binderfs.
avc: denied { read } for name="binder_logs" dev="binder" ino=1048580
scontext=u:r:dumpstate:s0 tcontext=u:object_r:binderfs_logs:s0 tclass=dir permissive=0
avc: denied { read } for comm="dumpstate" name="failed_transaction_log"
dev="binder" ino=1048585 scontext=u:r:dumpstate:s0
tcontext=u:object_r:binderfs_logs:s0 tclass=file permissive=1
avc: denied { open } for comm="dumpstate"
path="/dev/binderfs/binder_logs/failed_transaction_log"
dev="binder" ino=1048585 scontext=u:r:dumpstate:s0
tcontext=u:object_r:binderfs_logs:s0 tclass=file permissive=1
avc: denied { getattr } for comm="dumpstate"
path="/dev/binderfs/binder_logs/failed_transaction_log"
dev="binder" ino=1048585 scontext=u:r:dumpstate:s0
tcontext=u:object_r:binderfs_logs:s0 tclass=file permissive=1

Test: adb shell dumpstate
Bug: 136497735
Change-Id: I5ff7223e431aab9baa3527570fff2da71ab6feb0
---
 public/dumpstate.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/public/dumpstate.te b/public/dumpstate.te
index 3f11b6a10..4e6cacc61 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -324,6 +324,10 @@ set_prop(dumpstate, ctl_dumpstate_prop)
 allow dumpstate snapshotctl_log_data_file:dir r_dir_perms;
 allow dumpstate snapshotctl_log_data_file:file r_file_perms;
 
+#Allow access to /dev/binderfs/binder_logs
+allow dumpstate binderfs_logs:dir r_dir_perms;
+allow dumpstate binderfs_logs:file r_file_perms;
+
 ###
 ### neverallow rules
 ###