Merge "Revert "Remove unnecessary adbd permissions."" into oc-dev

commit: 4966f2b578bb1884f5a1cf1b899f7a0ac9e11525 [log] [tgz]
author: TreeHugger Robot <treehugger-gerrit@google.com> Tue Apr 11 04:36:34 2017 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Tue Apr 11 04:36:35 2017 +0000
tree: 83a0e18685a10b717ced904132a2d0baf8c338ce
parent: fa35da096a6132a38f15d01f93b661c8500bac46 [diff]
parent: 26ce838838c3aadd3b4adde7bfd3667b14bbdd48 [diff]
diff --git a/private/adbd.te b/private/adbd.te
index 5fa83e2..b402335 100644
--- a/private/adbd.te
+++ b/private/adbd.te

@@ -63,6 +63,15 @@
 # Run /system/bin/bu
 allow adbd system_file:file rx_file_perms;
 
+# Perform binder IPC to surfaceflinger (screencap)
+# XXX Run screencap in a separate domain?
+binder_use(adbd)
+binder_call(adbd, surfaceflinger)
+# b/13188914
+allow adbd gpu_device:chr_file rw_file_perms;
+allow adbd ion_device:chr_file rw_file_perms;
+r_dir_file(adbd, system_file)
+
 # Needed for various screenshots
 hal_client_domain(adbd, hal_graphics_allocator)
commit	4966f2b578bb1884f5a1cf1b899f7a0ac9e11525	[log] [tgz]
author	TreeHugger Robot <treehugger-gerrit@google.com>	Tue Apr 11 04:36:34 2017 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Tue Apr 11 04:36:35 2017 +0000
tree	83a0e18685a10b717ced904132a2d0baf8c338ce
parent	fa35da096a6132a38f15d01f93b661c8500bac46 [diff]
parent	26ce838838c3aadd3b4adde7bfd3667b14bbdd48 [diff]