Merge "Adding policies for KeyStore MAC."
diff --git a/dumpstate.te b/dumpstate.te
index e4d6dc9..2221222 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -49,8 +49,8 @@
# This list comes from native_processes_to_dump in dumpstate/utils.c
allow dumpstate { drmserver mediaserver sdcardd surfaceflinger }:process signal;
-# The vdc command needs to talk to the vold socket.
-unix_socket_connect(dumpstate, vold, vold)
+# Execute and transition to the vdc domain
+domain_auto_trans(dumpstate, vdc_exec, vdc)
# Vibrate the device after we're done collecting the bugreport
# /sys/class/timed_output/vibrator/enable
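Review bot: The comment added above `domain_auto_trans(dumpstate, vdc_exec, vdc)` states what the rule does but not why, and the reason is the security-relevant part. Together with the removed `unix_socket_connect(dumpstate, vold, vold)`, it means dumpstate no longer holds direct vold socket access. I would write it as `# Run vdc in its own domain so dumpstate needs no direct access to the vold socket.` dumpstate still chooses the arguments vdc is executed with, so the rule presumably removes only the direct socket access and does not narrow which vold requests a bug report can trigger. If that is the intended scope, say so in the comment.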
diff --git a/service.te b/service.te
index 650ac13..c085c79 100644
--- a/service.te
+++ b/service.te
@@ -1,3 +1,4 @@
+type bluetooth_service, service_manager_type;
type default_android_service, service_manager_type;
type drmserver_service, service_manager_type;
type healthd_service, service_manager_type;
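Review bot: `bluetooth_service` is declared here and mapped to the `bluetooth` entry in service_contexts, but no rule in the visible diff lets any domain register a service under that label. If the bluetooth domain is the intended owner, its policy file needs something like `allow bluetooth bluetooth_service:service_manager add;`, unless that rule already exists outside this diff. A short comment beside the type naming the owning domain would also make it harder for the label to be reused for unrelated services later.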
diff --git a/service_contexts b/service_contexts
index b14aa1c..540725e 100644
--- a/service_contexts
+++ b/service_contexts
@@ -9,12 +9,16 @@
audio u:object_r:system_server_service:s0
backup u:object_r:system_server_service:s0
batteryproperties u:object_r:healthd_service:s0
+batterypropreg u:object_r:healthd_service:s0
batterystats u:object_r:system_server_service:s0
battery u:object_r:system_server_service:s0
bluetooth_manager u:object_r:system_server_service:s0
+bluetooth u:object_r:bluetooth_service:s0
clipboard u:object_r:system_server_service:s0
com.android.internal.telephony.mms.IMms u:object_r:system_server_service:s0
commontime_management u:object_r:system_server_service:s0
+common_time.clock u:object_r:mediaserver_service:s0
+common_time.config u:object_r:mediaserver_service:s0
connectivity u:object_r:system_server_service:s0
consumer_ir u:object_r:system_server_service:s0
content u:object_r:system_server_service:s0
@@ -68,6 +72,9 @@
power u:object_r:system_server_service:s0
print u:object_r:system_server_service:s0
procstats u:object_r:system_server_service:s0
+radio.phonesubinfo u:object_r:radio_service:s0
+radio.phone u:object_r:radio_service:s0
+radio.sms u:object_r:radio_service:s0
restrictions u:object_r:system_server_service:s0
samplingprofiler u:object_r:system_server_service:s0
scheduling_policy u:object_r:system_server_service:s0
diff --git a/vdc.te b/vdc.te
index a5ca2f2..8b6a93a 100644
--- a/vdc.te
+++ b/vdc.te
@@ -1,6 +1,9 @@
# vdc spawned from init for the following services:
# defaultcrypto
# encrypt
+#
+# We also transition into this domain from dumpstate, when
+# collecting bug reports.
type vdc, domain;
type vdc_exec, exec_type, file_type;
@@ -8,3 +11,13 @@
init_daemon_domain(vdc)
unix_socket_connect(vdc, vold, vold)
+
+# vdc sends information back to dumpstate when "adb bugreport" is used
+allow vdc dumpstate:fd use;
+allow vdc dumpstate:unix_stream_socket { read write getattr };
+
+# vdc information is written to shell owned bugreport files
+allow vdc shell_data_file:file { write getattr };
+
+# Why?
+allow vdc dumpstate:unix_dgram_socket { read write };
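Review bot: The last rule, `allow vdc dumpstate:unix_dgram_socket { read write };`, is committed under the comment `# Why?`, so the policy grants an access nobody has justified. If it only silences a denial for a descriptor that vdc inherits across the exec and never uses, `dontaudit vdc dumpstate:unix_dgram_socket { read write };` would keep the log quiet without granting anything. If vdc does need the socket, replace `# Why?` with the denial or code path that requires it. The `shell_data_file` rule above grants `write getattr` without `open`, which looks deliberate, limiting vdc to descriptors handed over by dumpstate. A comment such as `# no open: vdc may only write to the bugreport fd it inherits` would stop someone widening it later.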