Merge "Allow crash_dump to read from /data/local/tests."

commit: adaabe529c9f658ffdd4c1d0ea909f6a26094a68 [log] [tgz]
author: Christopher Ferris <cferris@google.com> Thu Sep 09 23:20:41 2021 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Sep 09 23:20:41 2021 +0000
tree: cf3f00a8dc9a11814a64579a14b04091d3b825b6
parent: a053861726edd252985018cf5d42aec65d08ffc3 [diff]
parent: f2acb20e1b6dce01ecbcebd11607b72bed6e3b25 [diff]
diff --git a/public/crash_dump.te b/public/crash_dump.te
index 472e1dc..45269c3 100644
--- a/public/crash_dump.te
+++ b/public/crash_dump.te

@@ -43,6 +43,9 @@
 # Read all /vendor
 r_dir_file(crash_dump, { vendor_file same_process_hal_file })
 
+# Read all /data/local/tests
+r_dir_file(crash_dump, shell_test_data_file)
+
 # Talk to tombstoned
 unix_socket_connect(crash_dump, tombstoned_crash, tombstoned)
 

diff --git a/public/domain.te b/public/domain.te
index 3643d8c..19562b1 100644
--- a/public/domain.te
+++ b/public/domain.te

@@ -474,7 +474,7 @@
 
 neverallow { domain -shell -init -adbd } shell_test_data_file:file_class_set no_w_file_perms;
 neverallow { domain -shell -init -adbd } shell_test_data_file:dir no_w_dir_perms;
-neverallow { domain -shell -init -adbd -heapprofd } shell_test_data_file:file *;
+neverallow { domain -shell -init -adbd -heapprofd -crash_dump } shell_test_data_file:file *;
 neverallow heapprofd shell_test_data_file:file { no_w_file_perms no_x_file_perms };
 neverallow { domain -shell -init -adbd } shell_test_data_file:sock_file *;
commit	adaabe529c9f658ffdd4c1d0ea909f6a26094a68	[log] [tgz]
author	Christopher Ferris <cferris@google.com>	Thu Sep 09 23:20:41 2021 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Sep 09 23:20:41 2021 +0000
tree	cf3f00a8dc9a11814a64579a14b04091d3b825b6
parent	a053861726edd252985018cf5d42aec65d08ffc3 [diff]
parent	f2acb20e1b6dce01ecbcebd11607b72bed6e3b25 [diff]