commit b9903cca400bfb64b6d5d942ac7e86569044f816
author Adam Shih <adamshih@google.com> Fri Sep 23 10:34:21 2022 +0800
committer Adam Shih <adamshih@google.com> Fri Sep 23 14:06:28 2022 +0800
tree 46efed25eb3044a9769566ef8a31e55d7f64168e
parent f96916a4eb9470280bfd38c3ce1550d88f19730b

create a macro for files under vendor/bin/dump

Bug: 240530709
Test: adb bugreport
Change-Id: Id4990e2375c4cf60c0319c62fdbe639078cc7a86

common/vendor/te_macros

diff --git a/common/vendor/te_macros b/common/vendor/te_macros
new file mode 100644
index 0000000..c9a9c04
--- /dev/null
+++ b/common/vendor/te_macros
@@ -0,0 +1,17 @@
+#####################################
+# pixel_bugreport(domain_name)
+# Defines a new domain for executables under /vendor/bin/dump
+# Grants permissions to interact with dumpstate and write to bugreport.
+# See go/pixel-defrag for more details.
+define(`pixel_bugreport', `
+type $1, domain;
+type $1_exec, exec_type, vendor_file_type, file_type;
+typeattribute $1 hal_dumpstate;
+domain_auto_trans(hal_dumpstate_default, $1_exec, $1)
+
+allow $1 dumpstate:fd use;
+allow $1 dumpstate:fifo_file { write getattr };
+allow $1 hal_dumpstate_default:fd use;
+allow $1 shell_data_file:file { write getattr };
+')
+