Allow system_app to interact with Dumpstate HAL To let end user enable/disable the verbose vender logging, a developer option is added into Settings app which need directly interact with Dumpstate HAL. In the future, the same function may be added into SystemUI, eg. as a QuickSettings tile. To allow both Settings app and system.ui, system_app is the best candidate for the sepolicy change. Bug: 148822215 Test: make && make RunSettingsRoboTests Change-Id: Ic6ef497505719e07cc37518b78c9dc146cda2d2c

commit: 8950e7a25b7c082e2b19c624cdb69a19aebd9f46 [log] [tgz]
author: Rambo Wang <rambowang@google.com> Wed Feb 12 19:06:04 2020 -0800
committer: Rambo Wang <rambowang@google.com> Wed Feb 19 06:03:32 2020 +0000
tree: 358269332e1d02478a5dc1235b8e34b1ea5503e8
parent: a3b19be219e643c342b43b79a4819f8a6ffd5607 [diff]
diff --git a/private/system_app.te b/private/system_app.te
index e5d7d18..9e25696 100644
--- a/private/system_app.te
+++ b/private/system_app.te

@@ -78,6 +78,9 @@
 # Allow system apps to interact with gpuservice
 binder_call(system_app, gpuservice)
 
+# Allow system app to interact with Dumpstate HAL
+hal_client_domain(system_app, hal_dumpstate)
+
 allow system_app servicemanager:service_manager list;
 # TODO: scope this down? Too broad?
 allow system_app {
commit	8950e7a25b7c082e2b19c624cdb69a19aebd9f46	[log] [tgz]
author	Rambo Wang <rambowang@google.com>	Wed Feb 12 19:06:04 2020 -0800
committer	Rambo Wang <rambowang@google.com>	Wed Feb 19 06:03:32 2020 +0000
tree	358269332e1d02478a5dc1235b8e34b1ea5503e8
parent	a3b19be219e643c342b43b79a4819f8a6ffd5607 [diff]