Allow dumpstate access to /dev/binderfs/binder_logs
These permissions allow dumpstate to access binder logs
from /dev/binderfs.
avc: denied { read } for name="binder_logs" dev="binder" ino=1048580
scontext=u:r:dumpstate:s0 tcontext=u:object_r:binderfs_logs:s0 tclass=dir permissive=0
avc: denied { read } for comm="dumpstate" name="failed_transaction_log"
dev="binder" ino=1048585 scontext=u:r:dumpstate:s0
tcontext=u:object_r:binderfs_logs:s0 tclass=file permissive=1
avc: denied { open } for comm="dumpstate"
path="/dev/binderfs/binder_logs/failed_transaction_log"
dev="binder" ino=1048585 scontext=u:r:dumpstate:s0
tcontext=u:object_r:binderfs_logs:s0 tclass=file permissive=1
avc: denied { getattr } for comm="dumpstate"
path="/dev/binderfs/binder_logs/failed_transaction_log"
dev="binder" ino=1048585 scontext=u:r:dumpstate:s0
tcontext=u:object_r:binderfs_logs:s0 tclass=file permissive=1
Test: adb shell dumpstate
Bug: 136497735
Change-Id: I5ff7223e431aab9baa3527570fff2da71ab6feb0
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 3f11b6a..4e6cacc 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -324,6 +324,10 @@
allow dumpstate snapshotctl_log_data_file:dir r_dir_perms;
allow dumpstate snapshotctl_log_data_file:file r_file_perms;
+#Allow access to /dev/binderfs/binder_logs
+allow dumpstate binderfs_logs:dir r_dir_perms;
+allow dumpstate binderfs_logs:file r_file_perms;
+
###
### neverallow rules
###