Allow system_app to start bugreport and to create /data/anr/traces.txt.
Resolves denials such as:
avc: denied { set } for property =ctl.bugreport scontext=u:r:system_app:s0 tcontext=u:object_r:ctl_default_prop:s0 tclass=property_service
avc: denied { write } for pid=4415 comm=5369676E616C2043617463686572 name="anr" dev="dm-0" ino=358337 scontext=u:r:system_app:s0 tcontext=u:object_r:anr_data_file:s0 tclass=dir
avc: denied { add_name } for pid=4415 comm=5369676E616C2043617463686572 name="traces.txt" scontext=u:r:system_app:s0 tcontext=u:object_r:anr_data_file:s0 tclass=dir
avc: denied { create } for pid=4415 comm=5369676E616C2043617463686572 name="traces.txt" scontext=u:r:system_app:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file
Change-Id: I71d0ede049136d72f28bdc85d52fcefa2f7d128f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/property.te b/property.te
index 9c6233c..c1dc254 100644
--- a/property.te
+++ b/property.te
@@ -9,6 +9,7 @@
type ctl_default_prop, property_type;
type ctl_dumpstate_prop, property_type;
type ctl_rildaemon_prop, property_type;
+type ctl_bugreport_prop, property_type;
type audio_prop, property_type;
type security_prop, property_type;
type bluetooth_prop, property_type;
diff --git a/property_contexts b/property_contexts
index 12fd108..08874c5 100644
--- a/property_contexts
+++ b/property_contexts
@@ -54,4 +54,5 @@
# ctl properties
ctl.dumpstate u:object_r:ctl_dumpstate_prop:s0
ctl.ril-daemon u:object_r:ctl_rildaemon_prop:s0
+ctl.bugreport u:object_r:ctl_bugreport_prop:s0
ctl. u:object_r:ctl_default_prop:s0
diff --git a/system_app.te b/system_app.te
index 60398a2..25da88a 100644
--- a/system_app.te
+++ b/system_app.te
@@ -25,3 +25,8 @@
allow system_app debug_prop:property_service set;
allow system_app radio_prop:property_service set;
allow system_app system_prop:property_service set;
+allow system_app ctl_bugreport_prop:property_service set;
+
+# Create /data/anr/traces.txt.
+allow system_app anr_data_file:dir ra_dir_perms;
+allow system_app anr_data_file:file create_file_perms;