Allow dumpstate to query Citadel info
Before this CL, the CTS fails when gathering
citadel info. Once have this is useful Citadel
information appears in dumpstate_board.txt
In previous design, we were running --id and --selftest,
but these might be used to identify the specific
citadel chip, so we only run it on userdebug and
eng build.
Currently, we allow gathering citadel's firmware version,
uptime stats, and MB type in all bug reports
which cannot be used to identify a specific phone,
it's safe to run in shipping rom.
Log:
avc: denied { find } for pid=15720 uid=1000 name=android.hardware.citadel.ICitadeld scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:citadeld_service:s0 tclass=service_manager permissive=1
avc: denied { read } for name="vndbinder" dev="tmpfs" ino=16373 scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file permissive=1
avc: denied { write } for name="vndbinder" dev="tmpfs" ino=16373 scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file permissive=1
avc: denied { open } for path="/dev/vndbinder" dev="tmpfs" ino=16373 scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file permissive=1
avc: denied { ioctl } for path="/dev/vndbinder" dev="tmpfs" ino=16373 ioctlcmd=0x6209 scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file permissive=1
avc: denied { call } for scontext=u:r:hal_dumpstate_impl:s0 tcontext=u:r:vndservicemanager:s0 tclass=binder permissive=1
Bug: 150648303
Test: run cts -m CtsSecurityHostTestCases -t \
android.security.cts.SELinuxHostTest#testNoBugreportDenials
Signed-off-by: Syuan Yang <syuanyang@google.com>
Change-Id: I39cb6a4f4e61763dce1c2a3156b08174da625071
Merged-In: I39cb6a4f4e61763dce1c2a3156b08174da625071
(cherry picked from commit 711075a64e358b873f930d424c3242a4be09dc07)
1 file changed
