From 9fb184dd39ebdab25a5d11219f6d89fbf696c932 Mon Sep 17 00:00:00 2001
From: Joel Galenson <jgalenson@google.com>
Date: Mon, 11 Feb 2019 08:32:55 -0800
Subject: [PATCH] Fix denials seen during user bugreports.

Bug: 116711254
Bug: 123540375
Test: Build
Change-Id: I118d74f1590669ab535faeb84a0f44592055050a
---
 sepolicy/vendor/dumpstate.te          | 1 +
 sepolicy/vendor/hal_dumpstate_impl.te | 3 +--
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/sepolicy/vendor/dumpstate.te b/sepolicy/vendor/dumpstate.te
index 6892e27f..a736369e 100644
--- a/sepolicy/vendor/dumpstate.te
+++ b/sepolicy/vendor/dumpstate.te
@@ -14,4 +14,5 @@ userdebug_or_eng(`
 allow dumpstate sysfs_scsi_devices_0000:file r_file_perms;
 allow dumpstate sysfs_scsi_devices_other:file r_file_perms;
 allow dumpstate sysfs_devices_block:file r_file_perms;
+dontaudit dumpstate persist_file:dir r_dir_perms;
 dontaudit dumpstate kernel:system module_request;
diff --git a/sepolicy/vendor/hal_dumpstate_impl.te b/sepolicy/vendor/hal_dumpstate_impl.te
index 39a89957..ccd39691 100644
--- a/sepolicy/vendor/hal_dumpstate_impl.te
+++ b/sepolicy/vendor/hal_dumpstate_impl.te
@@ -17,8 +17,6 @@ userdebug_or_eng(`
   allow hal_dumpstate_impl netmgr_data_file:dir r_dir_perms;
   allow hal_dumpstate_impl radio_vendor_data_file:file r_file_perms;
   allow hal_dumpstate_impl netmgr_data_file:file r_file_perms;
-  allow hal_dumpstate_impl debugfs_ipc:dir r_dir_perms;
-  allow hal_dumpstate_impl debugfs_ipc:file r_file_perms;
   allow hal_dumpstate_impl debugfs_tzdbg:dir search;
   allow hal_dumpstate_impl debugfs_tzdbg:file r_file_perms;
   allow hal_dumpstate_impl sysfs_usb_device:dir r_dir_perms;
@@ -45,6 +43,7 @@ allow hal_dumpstate_impl debugfs_wlan:dir r_dir_perms;
 allow hal_dumpstate_impl debugfs_wlan:file r_file_perms;
 allow hal_dumpstate_impl debugfs_icnss:dir r_dir_perms;
 allow hal_dumpstate_impl debugfs_icnss:file r_file_perms;
+allow hal_dumpstate_impl debugfs_ipc:dir r_dir_perms;
 allow hal_dumpstate_impl debugfs_ipc:file r_file_perms;
 allow hal_dumpstate_impl proc_stat:file r_file_perms;
 allow hal_dumpstate_impl debugfs_ufs:dir r_dir_perms;