Merge "Allow dumpstate to write into privileged apps private files"
diff --git a/private/gpuservice.te b/private/gpuservice.te
index 5e8aab5..c8f3def 100644
--- a/private/gpuservice.te
+++ b/private/gpuservice.te
@@ -28,6 +28,9 @@
# Use socket supplied by adbd, for cmd gpu vkjson etc.
allow gpuservice adbd:unix_stream_socket { read write getattr };
+# Needed for interactive shell
+allow gpuservice devpts:chr_file { read write getattr };
+
add_service(gpuservice, gpu_service)
# Only uncomment below line when in development
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index a4af4e7..9b91806 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -100,6 +100,12 @@
# gdbserver for ndk-gdb ptrace attaches to app process.
allow untrusted_app_all self:process ptrace;
+# Android Studio Instant Run has the application connect to a
+# runas_app socket listening in the abstract namespace.
+# https://developer.android.com/studio/run/
+# b/123297648
+allow untrusted_app_all runas_app:unix_stream_socket connectto;
+
# Cts: HwRngTest
allow untrusted_app_all sysfs_hwrandom:dir search;
allow untrusted_app_all sysfs_hwrandom:file r_file_perms;