Merge "Allow heapprofd to read shell_data_file."
diff --git a/private/heapprofd.te b/private/heapprofd.te
index 7bd60a4..7e16b9b 100644
--- a/private/heapprofd.te
+++ b/private/heapprofd.te
@@ -45,6 +45,7 @@
r_dir_file(heapprofd, apk_data_file)
r_dir_file(heapprofd, dalvikcache_data_file)
r_dir_file(heapprofd, vendor_file_type)
+ r_dir_file(heapprofd, shell_data_file)
# Some dex files are not world-readable.
# We are still constrained by the SELinux rules above.
allow heapprofd self:global_capability_class_set dac_read_search;
diff --git a/public/domain.te b/public/domain.te
index 35f03ee..1c47a7e 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1189,6 +1189,7 @@
domain
-shell
userdebug_or_eng(`-uncrypt')
+ userdebug_or_eng(`-heapprofd')
-installd
} shell_data_file:lnk_file read;
@@ -1216,6 +1217,7 @@
-simpleperf_app_runner
-system_server # why?
userdebug_or_eng(`-uncrypt')
+ userdebug_or_eng(`-heapprofd')
} shell_data_file:dir { open search };
# Same as above for /data/local/tmp files. We allow shell files
@@ -1227,6 +1229,7 @@
-dumpstate
-installd
userdebug_or_eng(`-uncrypt')
+ userdebug_or_eng(`-heapprofd')
} shell_data_file:file open;
# servicemanager and vndservicemanager are the only processes which handle the