adbd: allow ddms screen capture to work again
The removal of domain_deprecated broke ddms screen capturing
functionality.
Steps to reproduce:
1) Run "ddms"
2) Select your device
3) Go to the Device > Screen Capture menu
4) Attempt to take a screenshot
Addresses the following denials:
avc: denied { read } for pid=2728 comm="screencap" name="ion" dev="tmpfs" ino=7255 scontext=u:r:adbd:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file permissive=1
avc: denied { open } for pid=2728 comm="screencap" name="ion" dev="tmpfs" ino=7255 scontext=u:r:adbd:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file permissive=1
avc: denied { ioctl } for pid=2728 comm="screencap" path="/dev/ion" dev="tmpfs" ino=7255 ioctlcmd=4905 scontext=u:r:adbd:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file permissive=1
avc: denied { read } for pid=5261 comm="screencap" name="egl" dev="dm-1" ino=210 scontext=u:r:adbd:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
avc: denied { read } for pid=5261 comm="screencap" name="egl" dev="dm-1" ino=210 scontext=u:r:adbd:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
Bug: 26023462
Change-Id: Ie77c65900de56756d5c9b99dcda1e20664151ed2
diff --git a/adbd.te b/adbd.te
index 34c0ae9..07b64ac 100644
--- a/adbd.te
+++ b/adbd.te
@@ -62,6 +62,8 @@
binder_call(adbd, surfaceflinger)
# b/13188914
allow adbd gpu_device:chr_file rw_file_perms;
+allow adbd ion_device:chr_file r_file_perms;
+r_dir_file(adbd, system_file)
# Read /data/misc/adb/adb_keys.
allow adbd adb_keys_file:dir search;