common/vendor/te_macros - android_hardware_google_pixel-sepolicy - Gitiles

 #####################################
 # pixel_bugreport(domain_name)
 # Defines a new domain for executables under /vendor/bin/dump
 # Grants permissions to interact with dumpstate and write to bugreport.
 # See go/pixel-defrag for more details.
 define(`pixel_bugreport', `
 type $1, domain;
 type $1_exec, exec_type, vendor_file_type, file_type;
 typeattribute $1 hal_dumpstate;
 domain_auto_trans(hal_dumpstate_default, $1_exec, $1)

 allow $1 dumpstate:fd use;
 allow $1 dumpstate:fifo_file { write getattr };
 allow $1 hal_dumpstate_default:fd use;
 allow $1 shell_data_file:file { write getattr };
 ')
	#####################################
	# pixel_bugreport(domain_name)
	# Defines a new domain for executables under /vendor/bin/dump
	# Grants permissions to interact with dumpstate and write to bugreport.
	# See go/pixel-defrag for more details.
	define(`pixel_bugreport', `
	type $1, domain;
	type $1_exec, exec_type, vendor_file_type, file_type;
	typeattribute $1 hal_dumpstate;
	domain_auto_trans(hal_dumpstate_default, $1_exec, $1)

	allow $1 dumpstate:fd use;
	allow $1 dumpstate:fifo_file { write getattr };
	allow $1 hal_dumpstate_default:fd use;
	allow $1 shell_data_file:file { write getattr };
	')