Commit 27.0 sepolicy prebuilts to master. Bug: 65551293 Bug: 69390067 Test: None. Prebuilt only change. Change-Id: I62304b342a8b52fd505892cc2d4ebc882148224b

commit: 805824884fbcdc522c2faac10488902bd41192bd [log] [tgz]
author: Dan Cashman <dcashman@google.com> Wed Dec 06 09:20:27 2017 -0800
committer: Dan Cashman <dcashman@google.com> Wed Dec 06 09:23:36 2017 -0800
tree: 467c0bf8955cc265ddd3285a83d61f491dd99846
parent: 7c6627768b63fd7f3ace400afe067d11126579e8 [diff] [blame]
diff --git a/prebuilts/api/27.0/private/incident.te b/prebuilts/api/27.0/private/incident.te
new file mode 100644
index 0000000..b910dde
--- /dev/null
+++ b/prebuilts/api/27.0/private/incident.te

@@ -0,0 +1,25 @@
+typeattribute incident coredomain;
+
+type incident_exec, exec_type, file_type;
+
+# switch to incident domain for incident command
+domain_auto_trans(shell, incident_exec, incident)
+
+# allow incident access to stdout from its parent shell.
+allow incident shell:fd use;
+
+# allow incident to communicate use, read and write over the adb
+# connection.
+allow incident adbd:fd use;
+allow incident adbd:unix_stream_socket { read write };
+
+# allow adbd to reap incident
+allow incident adbd:process { sigchld };
+
+# Allow the incident command to talk to the incidentd over the binder, and get
+# back the incident report data from a ParcelFileDescriptor.
+binder_use(incident)
+allow incident incident_service:service_manager find;
+binder_call(incident, incidentd)
+allow incident incidentd:fifo_file write;
+
commit	805824884fbcdc522c2faac10488902bd41192bd	[log] [tgz]
author	Dan Cashman <dcashman@google.com>	Wed Dec 06 09:20:27 2017 -0800
committer	Dan Cashman <dcashman@google.com>	Wed Dec 06 09:23:36 2017 -0800
tree	467c0bf8955cc265ddd3285a83d61f491dd99846
parent	7c6627768b63fd7f3ace400afe067d11126579e8 [diff] [blame]