dumpstate: talk to vibrator hal
Bug: 33067126
Test: Dumpstate vibrator works.
Change-Id: I46ff453218ba77f156e13b448e3cba9a291df0e7
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 24e345e..77bb082 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -79,11 +79,6 @@
surfaceflinger
}:debuggerd dump_backtrace;
-# Vibrate the device after we're done collecting the bugreport
-# /sys/class/timed_output/vibrator/enable
-# TODO: create a new file class, instead of allowing write access to all of /sys
-allow dumpstate sysfs:file w_file_perms;
-
# TODO: added to match above sysfs rule. Remove me?
allow dumpstate sysfs_usb:file w_file_perms;
@@ -102,6 +97,13 @@
binder_call(dumpstate, binderservicedomain)
binder_call(dumpstate, { appdomain ephemeral_app netd wificond })
+# Vibrate the device after we are done collecting the bugreport
+# For binderized mode:
+binder_call(dumpstate, hal_vibrator)
+binder_call(dumpstate, hwservicemanager)
+# For passthrough mode:
+allow dumpstate sysfs_vibrator:file { rw_file_perms getattr };
+
# Reading /proc/PID/maps of other processes
allow dumpstate self:capability sys_ptrace;
@@ -210,3 +212,7 @@
# only system_server and shell can find the dumpstate service
neverallow { domain -system_server -shell } dumpstate_service:service_manager find;
+
+# Dumpstate should not be writing to any generically labeled sysfs files.
+# Create a specific label for the file type
+neverallow dumpstate sysfs:file no_w_file_perms;