Grant dumpstate access to artd service The artd daemon is not always active. When running, it exposes a binder service which may be dumped when a bug report is triggered. The current policy did not fully grant access which resulted in spurious denials if a bugreport was triggered when the daemon was running. Test: Run bugreport; observe correct dump of artd service Bug: 282614147 Bug: 192197221 Change-Id: Ie0986d7716de33ec38ae09cfee14c629f5a414a6

commit: 8a250b9099b68ee4f312f7d2d712044c058992e9 [log] [tgz]
author: Thiébaud Weksteen <tweek@google.com> Thu Aug 24 10:37:17 2023 +1000
committer: Thiébaud Weksteen <tweek@google.com> Mon Aug 28 10:53:58 2023 +1000
tree: 1ee27eb39ed828be9ffc8b6db319ddc016ccf347
parent: 3734f169cac5200908f2fa5790e744705d9b1c41 [diff] [blame]
diff --git a/private/artd.te b/private/artd.te
index 5fcd43a..3b234bf 100644
--- a/private/artd.te
+++ b/private/artd.te

@@ -7,7 +7,8 @@
 # Allow artd to publish a binder service and make binder calls.
 binder_use(artd)
 add_service(artd, artd_service)
-allow artd dumpstate:fifo_file  { getattr write };
+allow artd dumpstate:fifo_file { getattr write };
+allow artd dumpstate:fd use;
 
 init_daemon_domain(artd)
commit	8a250b9099b68ee4f312f7d2d712044c058992e9	[log] [tgz]
author	Thiébaud Weksteen <tweek@google.com>	Thu Aug 24 10:37:17 2023 +1000
committer	Thiébaud Weksteen <tweek@google.com>	Mon Aug 28 10:53:58 2023 +1000
tree	1ee27eb39ed828be9ffc8b6db319ddc016ccf347
parent	3734f169cac5200908f2fa5790e744705d9b1c41 [diff] [blame]