commit 41f93db9dec4b6810cebf1436b5f98ff8934802a
author Joe Onorato <joeo@google.com> Sun Nov 20 23:23:04 2016 -0800
committer Joe Onorato <joeo@google.com> Tue Feb 07 15:52:07 2017 -0800
tree 28ee83266b6052551f395c6fa206ceb2ee4a10f8
parent 29dee5383e2686ae717fc9ab7e7de76563dfec72

Add incident command and incidentd daemon se policy.

Test: adb shell incident
Bug: 31122534
Change-Id: I4ac9c9ab86867f09b63550707673149fe60f1906

private/system_server.te

diff --git a/private/system_server.te b/private/system_server.te
index 66ea3de..d0483f5 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -172,6 +172,7 @@
 binder_call(system_server, hal_fingerprint)
 binder_call(system_server, gatekeeperd)
 binder_call(system_server, installd)
+binder_call(system_server, incidentd)
 binder_call(system_server, netd)
 binder_call(system_server, wificond)
 binder_service(system_server)
@@ -295,6 +296,10 @@
 allow system_server anr_data_file:dir create_dir_perms;
 allow system_server anr_data_file:file create_file_perms;
 
+# Read /data/misc/incidents - only read. The fd will be sent over binder,
+# with no DAC access to it, for dropbox to read.
+allow system_server incident_data_file:file read;
+
 # Manage /data/backup.
 allow system_server backup_data_file:dir create_dir_perms;
 allow system_server backup_data_file:file create_file_perms;
@@ -498,6 +503,7 @@
 allow system_server fingerprintd_service:service_manager find;
 allow system_server hal_fingerprint_service:service_manager find;
 allow system_server gatekeeper_service:service_manager find;
+allow system_server incident_service:service_manager find;
 allow system_server installd_service:service_manager find;
 allow system_server keystore_service:service_manager find;
 allow system_server mediaserver_service:service_manager find;