sepolicy: Add write_logd, read_logd & control_logd
- Add write_logd, read_logd and control_logd macros added along
with contexts for user space logd.
- Specify above on domain wide, or service-by-service basis
- Add logd rules.
- deprecate access_logcat as unused.
- 'allow <domain> zygote:unix_dgram_socket write;' rule added to
deal with fd inheritance. ToDo: investigate means to allow
references to close, and reopen in context of application
or call setsockcreatecon() to label them in child context.
Change-Id: I35dbb9d5122c5ed9b8c8f128abf24a871d6b26d8
diff --git a/dumpstate.te b/dumpstate.te
index 5977422..8ecb6cc 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -86,3 +86,7 @@
allow dumpstate self:process execmem;
# For art.
allow dumpstate dalvikcache_data_file:file execute;
+
+# logd access
+read_logd(dumpstate)
+control_logd(dumpstate)