Allow apps to dump meminfo to serial_console.
Executing dumpsys meminfo over the console shell requires that output go to the
console_device. meminfo passes a fd to each applicaiton thread so that it can
do this in IApplicationThread.dumpMemInfo(). Allow use of this fd.
Addresses the following denial:
type=1400 audit(1426793987.944:4224): avc: denied { read write } for pid=1809 comm="Binder_4" path="/dev/console" dev="tmpfs" ino=5684 scontext=u:r:platform_app:s0 tcontext=u:object_r:console_device:s0 tclass=chr_file
Bug: 17135173
Change-Id: Id5340a1fb3c8dbf41bda427720c4a0047bc557fc
diff --git a/app.te b/app.te
index 8af6244..4aad958 100644
--- a/app.te
+++ b/app.te
@@ -177,6 +177,8 @@
use_keystore({ appdomain -isolated_app })
+allow appdomain console_device:chr_file { read write };
+
###
### CTS-specific rules
###