commit 657470ac46315dc4296bb2bab8a75588d8478024
author Joel Galenson <jgalenson@google.com> Wed Dec 05 11:01:04 2018 -0800
committer Joel Galenson <jgalenson@google.com> Wed Dec 05 12:32:09 2018 -0800
tree 5fca31e1b32d61ddf45550f7d68b0fe489de7dcb
parent de3a3e41560314a3fda35adddf0f2328dd9e3a1a

Allow dumpstate to call idmap over binder

This prevents denials while taking a bugreport.

Bug: 116711254
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t
android.security.cts.SELinuxHostTest#testNoBugreportDenials

Change-Id: I5414141a1557d71e3ac0cf5bc89529685e9069c3

private/dumpstate.te

diff --git a/private/dumpstate.te b/private/dumpstate.te
index 5cba2cd..4f3dda6 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -34,6 +34,9 @@
 # Allow dumpstate to talk to gpuservice over binder
 binder_call(dumpstate, gpuservice);
 
+# Allow dumpstate to talk to idmap over binder
+binder_call(dumpstate, idmap);
+
 # Collect metrics on boot time created by init
 get_prop(dumpstate, boottime_prop)