Merge "Allow shell and adb to read tombstones" into main
diff --git a/private/adbd.te b/private/adbd.te
index d72d5b1..e735222 100644
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -226,6 +226,10 @@
 # Allow adbd to pull /apex/apex-info-list.xml for CTS tests.
 allow adbd apex_info_file:file r_file_perms;
 
+# allow reading tombstones. users can already use bugreports to get those.
+allow adbd tombstone_data_file:dir r_dir_perms;
+allow adbd tombstone_data_file:file r_file_perms;
+
 ###
 ### Neverallow rules
 ###
diff --git a/private/app.te b/private/app.te
index 1ef6ceb..95b85db 100644
--- a/private/app.te
+++ b/private/app.te
@@ -132,9 +132,9 @@
 allow appdomain apex_art_data_file:file rx_file_perms;
 
 # Allow access to tombstones if an fd to one is given to you.
-# This is restricted by unix permissions, so an app must go through system_server to get one.
+# An app cannot open the tombstone itself because it lacks `open`.
 allow appdomain tombstone_data_file:file { getattr read };
-neverallow appdomain tombstone_data_file:file ~{ getattr read };
+neverallow { appdomain -shell } tombstone_data_file:file ~{ getattr read };
 
 # Execute the shell or other system executables.
 allow { appdomain -ephemeral_app -sdk_sandbox_all } shell_exec:file rx_file_perms;
diff --git a/private/shell.te b/private/shell.te
index bfcd5ac..60684f4 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -17,6 +17,10 @@
 # read config.gz for CTS purposes
 allow shell config_gz:file r_file_perms;
 
+# allow reading tombstones. users can already use bugreports to get those.
+allow shell tombstone_data_file:dir r_dir_perms;
+allow shell tombstone_data_file:file r_file_perms;
+
 # Run app_process.
 # XXX Transition into its own domain?
 app_domain(shell)