Allow incidentd to communicate with clients over pipes.
Previously we dumped the data into dropbox. This improves a couple
things:
- We write into dropbox via the fd, so dropbox doesn't pull from the
incidentd directory anymore.
- There is a new API to for priv apps to explicitly read incident
reports. That gives incidentd finer grained control over who can
read it (specifically, it only allows apps to access the incident
reports they requested, or were requested for them via statsd,
instead of getting DUMP and reading whatever they want from
dropbox).
Test: bit incident_test:* GtsIncidentManagerTestCases:*
Bug: 123543706
Change-Id: I9a323e372c4ff95d91419a61e8a20ea5a3a860a5
diff --git a/private/system_server.te b/private/system_server.te
index ab4a07c..8fff848 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -412,6 +412,10 @@
allow system_server su:fifo_file append;
')
+# Allow system_server to read pipes from incidentd (used to deliver incident reports
+# to dropbox)
+allow system_server incidentd:fifo_file read;
+
# Read /data/misc/incidents - only read. The fd will be sent over binder,
# with no DAC access to it, for dropbox to read.
allow system_server incident_data_file:file read;