From 548c2f184d9b8aeca9d75bf35319fef591d05a85 Mon Sep 17 00:00:00 2001
From: Boon Jun Soh <boonjun@google.com>
Date: Fri, 8 Dec 2023 19:00:04 +0800
Subject: [PATCH] Fix rlsservice sepolicy

Allows bugreport generation

Bug: 315255760
Bug: 309379598
Test: abd bugreport & ensure lack of rls avc denied logs
Change-Id: Ib3fc7b089c7aea4aea69f219d4c19847d39b0729
---
 tracking_denials/bug_map                | 1 -
 whitechapel/vendor/google/dumpstate.te  | 2 +-
 whitechapel/vendor/google/rlsservice.te | 4 ++++
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index 2b6cd412..a967250a 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,6 +1,5 @@
 chre vendor_data_file dir b/301948771
 dump_modem device chr_file b/305600375
-dumpstate rlsservice binder b/309379598
 dumpstate virtual_camera binder b/312894628
 dumpstate virtual_camera process b/312894628
 hal_power_default hal_power_default capability b/240632824
diff --git a/whitechapel/vendor/google/dumpstate.te b/whitechapel/vendor/google/dumpstate.te
index e715ad95..f5be2a83 100644
--- a/whitechapel/vendor/google/dumpstate.te
+++ b/whitechapel/vendor/google/dumpstate.te
@@ -13,4 +13,4 @@ allow dumpstate modem_efs_file:dir getattr;
 allow dumpstate modem_img_file:dir getattr;
 allow dumpstate modem_userdata_file:dir getattr;
 allow dumpstate fuse:dir search;
-
+allow dumpstate rlsservice:binder call;
\ No newline at end of file
diff --git a/whitechapel/vendor/google/rlsservice.te b/whitechapel/vendor/google/rlsservice.te
index 43324959..0705e5db 100644
--- a/whitechapel/vendor/google/rlsservice.te
+++ b/whitechapel/vendor/google/rlsservice.te
@@ -36,3 +36,7 @@ allow rlsservice apex_info_file:file r_file_perms;
 
 # Allow read camera property
 get_prop(rlsservice, vendor_camera_prop);
+
+# Allow rlsservice bugreport generation
+allow rlsservice dumpstate:fd use;
+allow rlsservice dumpstate:fifo_file write;
\ No newline at end of file