Allow dumpstate to exec derive_sdk derive_sdk is used to configure installed SDK extensions. It can also print debug information about these. Allow dumpstate to execute derive_sdk, to include the debug information in bugreports. Bug: 240656777 Test: adb bugreport /tmp/bugreport.zip && unzip -c /tmp/bugreport.zip bugreport*.txt | grep -i 'sdk extensions' Change-Id: I0f502f9f94a376dff2e7eb821f7bf753de2d5482

commit: 098e9094c361762857944c7210d3d07004ac5bb8 [log] [tgz]
author: Mårten Kongstad <amhk@google.com> Tue Sep 20 14:19:30 2022 +0200
committer: Mårten Kongstad <amhk@google.com> Wed Sep 28 14:26:46 2022 +0200
tree: 01d89be5fe4eb32851d96f34461abc7b4fefd514
parent: c4f84bcb379aace2d19f3bcaf3c896bd82d700c6 [diff] [blame]
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 149d389..ee59cb7 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te

@@ -123,3 +123,6 @@
 
 # system_dlkm_file for /system_dlkm partition
 allow dumpstate system_dlkm_file:dir getattr;
+
+# Allow dumpstate to execute derive_sdk in its own domain
+domain_auto_trans(dumpstate, derive_sdk_exec, derive_sdk)
commit	098e9094c361762857944c7210d3d07004ac5bb8	[log] [tgz]
author	Mårten Kongstad <amhk@google.com>	Tue Sep 20 14:19:30 2022 +0200
committer	Mårten Kongstad <amhk@google.com>	Wed Sep 28 14:26:46 2022 +0200
tree	01d89be5fe4eb32851d96f34461abc7b4fefd514
parent	c4f84bcb379aace2d19f3bcaf3c896bd82d700c6 [diff] [blame]