Fix dumpstate denials related to virtual_camera
Bug: 313794601
Test: atest android.security.cts.SELinuxHostTest#testNoBugreportDenials
Change-Id: Ie5b7c89388190fa927f8c762b2e65557f9d9870b
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 18924ca..a40d73c 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -59,6 +59,9 @@
# Allow dumpstate to talk to automotive_display_service over binder
binder_call(dumpstate, automotive_display_service)
+# Allow dumpstate to talk to virtual_camera service over binder
+binder_call(dumpstate, virtual_camera)
+
# Collect metrics on boot time created by init
get_prop(dumpstate, boottime_prop)
@@ -67,6 +70,7 @@
mediatranscoding
statsd
netd
+ virtual_camera
}:process signal;
# Only allow dumpstate to dump Keystore on debuggable builds.
diff --git a/private/virtual_camera.te b/private/virtual_camera.te
index 5739d5f..d8c5df7 100644
--- a/private/virtual_camera.te
+++ b/private/virtual_camera.te
@@ -24,3 +24,7 @@
# Allow virtual_camera to use GPU
allow virtual_camera gpu_device:chr_file rw_file_perms;
allow virtual_camera gpu_device:dir r_dir_perms;
+
+# For collecting bugreports.
+allow virtual_camera dumpstate:fd use;
+allow virtual_camera dumpstate:fifo_file write;