Merge "SELinux policy changes for uprobe." into main

commit: fcc90e8af26dc6e3f635625414c594092a959a69 [log] [tgz]
author: Yu-Ting Tseng <yutingtseng@google.com> Fri Sep 22 20:01:06 2023 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Sep 22 20:01:06 2023 +0000
tree: da49ff4cbc3551e4b232971053f674ec610e5058
parent: b6314bd9cab8b534f7ceeb897e17f87f8bc7ee30 [diff]
parent: c69343fea9490216225af77ae8a5d74c80bdfd19 [diff]
diff --git a/private/ot_daemon.te b/private/ot_daemon.te
index cdf5486..1021fd9 100644
--- a/private/ot_daemon.te
+++ b/private/ot_daemon.te

@@ -20,6 +20,9 @@
 # Allow OT daemon to read/write the Thread tunnel interface
 allow ot_daemon tun_device:chr_file {read write};
 
+# Allow OT daemon to read/write on the socket created by System Server
+allow ot_daemon system_server:rawip_socket rw_socket_perms_no_ioctl;
+
 hal_client_domain(ot_daemon, hal_threadnetwork)
 
 # Only ot_daemon can publish the binder service

diff --git a/public/hal_dumpstate.te b/public/hal_dumpstate.te
index 193b05a..eaa223b 100644
--- a/public/hal_dumpstate.te
+++ b/public/hal_dumpstate.te

@@ -9,6 +9,8 @@
 
 binder_call(hal_dumpstate_server, servicemanager)
 
+binder_use(hal_dumpstate_server)
+
 # write bug reports in /data/data/com.android.shell/files/bugreports/bugreport
 allow hal_dumpstate shell_data_file:file write;
 # allow reading /proc/interrupts for all hal impls
commit	fcc90e8af26dc6e3f635625414c594092a959a69	[log] [tgz]
author	Yu-Ting Tseng <yutingtseng@google.com>	Fri Sep 22 20:01:06 2023 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Fri Sep 22 20:01:06 2023 +0000
tree	da49ff4cbc3551e4b232971053f674ec610e5058
parent	b6314bd9cab8b534f7ceeb897e17f87f8bc7ee30 [diff]
parent	c69343fea9490216225af77ae8a5d74c80bdfd19 [diff]