From 7897e0f6ca092d72c1495cc10975ffbcdad45359 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Wed, 19 Jan 2022 11:49:45 +0800 Subject: [PATCH] Be able to dump ramdump info Bug: 208721677 Bug: 208909124 Test: do adb bugreport with no relevant error log Change-Id: I0cd8ca483df669505f11ff6fdd19cc15cb9959e1 --- tracking_denials/hal_dumpstate_default.te | 2 -- whitechapel_pro/hal_dumpstate_default.te | 6 ++++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/tracking_denials/hal_dumpstate_default.te b/tracking_denials/hal_dumpstate_default.te index 7cb91199..dd988819 100644 --- a/tracking_denials/hal_dumpstate_default.te +++ b/tracking_denials/hal_dumpstate_default.te @@ -8,9 +8,7 @@ dontaudit hal_dumpstate_default debugfs_f2fs:file { open }; dontaudit hal_dumpstate_default debugfs_f2fs:file { read }; dontaudit hal_dumpstate_default debugfs:file { open }; dontaudit hal_dumpstate_default debugfs:file { read }; -dontaudit hal_dumpstate_default mnt_vendor_file:dir { search }; dontaudit hal_dumpstate_default property_type:file *; -dontaudit hal_dumpstate_default ramdump_vendor_mnt_file:dir { search }; dontaudit hal_dumpstate_default shell_data_file:file { getattr }; dontaudit hal_dumpstate_default sscoredump_vendor_data_crashinfo_file:dir { open read }; dontaudit hal_dumpstate_default sscoredump_vendor_data_crashinfo_file:dir search; diff --git a/whitechapel_pro/hal_dumpstate_default.te b/whitechapel_pro/hal_dumpstate_default.te index 86b6797e..70319abc 100644 --- a/whitechapel_pro/hal_dumpstate_default.te +++ b/whitechapel_pro/hal_dumpstate_default.te @@ -26,3 +26,9 @@ allow hal_dumpstate_default sysfs_touch:file rw_file_perms; allow hal_dumpstate_default vendor_displaycolor_service:service_manager find; binder_call(hal_dumpstate_default, hal_graphics_composer_default); vndbinder_use(hal_dumpstate_default) + +userdebug_or_eng(` + allow hal_dumpstate_default mnt_vendor_file:dir search; + allow hal_dumpstate_default ramdump_vendor_mnt_file:dir search; + allow hal_dumpstate_default ramdump_vendor_mnt_file:file r_file_perms; +')