Fix dumpstate denials related to ot_daemon Bug: 313794601 Test: atest android.security.cts.SELinuxHostTest#testNoBugreportDenials Change-Id: I5dfa427e3c7ad99ec21392d2f219f14b66dd6256

commit: e1ee768a97f41a8b925e9cdd74108f6962cffde0 [log] [tgz]
author: Kangping Dong <wgtdkp@google.com> Fri Dec 01 13:02:38 2023 +0800
committer: Kangping Dong <wgtdkp@google.com> Fri Dec 01 13:02:38 2023 +0800
tree: ce87d77c4a6ba9beb9b3e5b54c53e988adbb114a
parent: d3fe043eb89bf034084a2322fffd5d8232d1e79c [diff]
diff --git a/private/dumpstate.te b/private/dumpstate.te
index a40d73c..1faedb4 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te

@@ -62,6 +62,9 @@
 # Allow dumpstate to talk to virtual_camera service over binder
 binder_call(dumpstate, virtual_camera)
 
+# Allow dumpstate to talk to ot_daemon service over binder
+binder_call(dumpstate, ot_daemon)
+
 # Collect metrics on boot time created by init
 get_prop(dumpstate, boottime_prop)
 
@@ -71,6 +74,7 @@
   statsd
   netd
   virtual_camera
+  ot_daemon
 }:process signal;
 
 # Only allow dumpstate to dump Keystore on debuggable builds.

diff --git a/private/ot_daemon.te b/private/ot_daemon.te
index 066d3d5..457e1bf 100644
--- a/private/ot_daemon.te
+++ b/private/ot_daemon.te

@@ -32,3 +32,7 @@
 
 # Allow OT daemon to write to statsd
 unix_socket_send(ot_daemon, statsdw, statsd)
+
+# For collecting bugreports.
+allow ot_daemon dumpstate:fd use;
+allow ot_daemon dumpstate:fifo_file write;
commit	e1ee768a97f41a8b925e9cdd74108f6962cffde0	[log] [tgz]
author	Kangping Dong <wgtdkp@google.com>	Fri Dec 01 13:02:38 2023 +0800
committer	Kangping Dong <wgtdkp@google.com>	Fri Dec 01 13:02:38 2023 +0800
tree	ce87d77c4a6ba9beb9b3e5b54c53e988adbb114a
parent	d3fe043eb89bf034084a2322fffd5d8232d1e79c [diff]