Fix denials triggered by adb shell screencap. Change-Id: Ief925f1f49a6579d5a7a1035f3732834238fa590 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

commit: a5066135eeb15ab4c61241689dca1fdfe3a19e05 [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Tue Jan 07 13:25:25 2014 -0500
committer: Stephen Smalley <sds@tycho.nsa.gov> Tue Jan 07 13:25:25 2014 -0500
tree: b9e19bbb83daed29ec9786e4844a1e2ed096ae24
parent: 5f290264594982cbb81bf635b65a53ee5b77f6f8 [diff]
diff --git a/dumpstate.te b/dumpstate.te
index 948131e..e0fe4ce 100644
--- a/dumpstate.te
+++ b/dumpstate.te

@@ -71,5 +71,5 @@
 
 # Allow the bugreport service to create a file in
 # /data/data/com.android.shell/files/bugreports/bugreport
-allow dumpstate shell_data_file:dir rw_dir_perms;
+allow dumpstate shell_data_file:dir create_dir_perms;
 allow dumpstate shell_data_file:file create_file_perms;

diff --git a/surfaceflinger.te b/surfaceflinger.te
index eb7caeb..e926bc8 100644
--- a/surfaceflinger.te
+++ b/surfaceflinger.te

@@ -42,4 +42,5 @@
 
 # Allow a dumpstate triggered screenshot
 binder_call(surfaceflinger, dumpstate)
+binder_call(surfaceflinger, shell)
 allow surfaceflinger shell_data_file:file write;
commit	a5066135eeb15ab4c61241689dca1fdfe3a19e05	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Tue Jan 07 13:25:25 2014 -0500
committer	Stephen Smalley <sds@tycho.nsa.gov>	Tue Jan 07 13:25:25 2014 -0500
tree	b9e19bbb83daed29ec9786e4844a1e2ed096ae24
parent	5f290264594982cbb81bf635b65a53ee5b77f6f8 [diff]