Merge "Add dropbox entries as files to dumpstate ZIP."
diff --git a/private/domain.te b/private/domain.te
index 4ad7298..b858d4e 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -223,8 +223,18 @@
# System_server owns dropbox data, and init creates/restorecons the directory
# Disallow direct access by other processes.
-neverallow { domain -init -system_server } dropbox_data_file:dir *;
-neverallow { domain -init -system_server } dropbox_data_file:file ~{ getattr read };
+neverallow {
+ domain
+ -init
+ -system_server
+ userdebug_or_eng(`-dumpstate')
+} dropbox_data_file:dir *;
+neverallow {
+ domain
+ -init
+ -system_server
+ userdebug_or_eng(`-dumpstate')
+} dropbox_data_file:file ~{ getattr read };
###
# Services should respect app sandboxes
@@ -744,4 +754,4 @@
neverallow { domain -init } mtectrl:process { dyntransition transition };
# For now, don't allow processes other than gmscore to access /data/misc_ce/<userid>/checkin
-neverallow { domain -gmscore_app -init -vold_prepare_subdirs } checkin_data_file:{dir file} *;
\ No newline at end of file
+neverallow { domain -gmscore_app -init -vold_prepare_subdirs } checkin_data_file:{dir file} *;
diff --git a/private/dumpstate.te b/private/dumpstate.te
index fe442b3..850b0d8 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -27,6 +27,12 @@
allow dumpstate wm_trace_data_file:file r_file_perms;
')
+# /data/system/dropbox for dropbox entries
+userdebug_or_eng(`
+ allow dumpstate dropbox_data_file:dir r_dir_perms;
+ allow dumpstate dropbox_data_file:file r_file_perms;
+')
+
# Allow dumpstate to make binder calls to incidentd
binder_call(dumpstate, incidentd)