allow surfaceflinger to use socket from adbd Fixes `adb shell cmd gpu vkjson`, which was previously failing due to surfaceflinger not being able to use the socket passed to it by adbd. Bug: b/37157136 Test: run above command, verified on marlin + bullhead Change-Id: I57fa7e99d5c3dc7bc7d033b83f8ce6032162d7d3

commit: 676003cf3aa1b42c9efb7f287a507ebc40b51548 [log] [tgz]
author: Chris Forbes <chrisforbes@google.com> Fri Apr 28 10:10:36 2017 -0700
committer: Chris Forbes <chrisforbes@google.com> Fri Apr 28 16:36:02 2017 -0700
tree: 51fd49e2bb348fa9ffce166011854415e2a617db
parent: b9d5d5cc8b990f05ed61e1a7a730edd37a868d29 [diff] [blame]
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 3e91d21..8e5892b 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te

@@ -52,6 +52,9 @@
 allow surfaceflinger appdomain:fd use;
 allow surfaceflinger app_data_file:file { read write };
 
+# Use socket supplied by adbd, for cmd gpu vkjson etc.
+allow surfaceflinger adbd:unix_stream_socket { read write getattr };
+
 # Allow a dumpstate triggered screenshot
 binder_call(surfaceflinger, dumpstate)
 binder_call(surfaceflinger, shell)
commit	676003cf3aa1b42c9efb7f287a507ebc40b51548	[log] [tgz]
author	Chris Forbes <chrisforbes@google.com>	Fri Apr 28 10:10:36 2017 -0700
committer	Chris Forbes <chrisforbes@google.com>	Fri Apr 28 16:36:02 2017 -0700
tree	51fd49e2bb348fa9ffce166011854415e2a617db
parent	b9d5d5cc8b990f05ed61e1a7a730edd37a868d29 [diff] [blame]