Merge "init: logpersist access on debug"
diff --git a/dumpstate.te b/dumpstate.te
index c72042b..be9542f 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -113,6 +113,10 @@
allow dumpstate cache_recovery_file:dir r_dir_perms;
allow dumpstate cache_recovery_file:file r_file_perms;
+# Access /data/misc/recovery
+allow dumpstate recovery_data_file:dir r_dir_perms;
+allow dumpstate recovery_data_file:file r_file_perms;
+
allow dumpstate { service_manager_type -gatekeeper_service }:service_manager find;
allow dumpstate servicemanager:service_manager list;
diff --git a/isolated_app.te b/isolated_app.te
index 862592e..34fe41c 100644
--- a/isolated_app.te
+++ b/isolated_app.te
@@ -39,6 +39,12 @@
# Isolated apps should not directly open app data files themselves.
neverallow isolated_app app_data_file:file open;
+# Only allow appending to /data/anr/traces.txt (b/27853304, b/18340553)
+# TODO: are there situations where isolated_apps write to this file?
+# TODO: should we tighten these restrictions further?
+neverallow isolated_app anr_data_file:file ~{ open append };
+neverallow isolated_app anr_data_file:dir ~search;
+
# b/17487348
# Isolated apps can only access two services,
# activity_service and display_service
diff --git a/untrusted_app.te b/untrusted_app.te
index b05627a..47ccb55 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -172,3 +172,7 @@
# Do not allow untrusted_app to directly open tun_device
neverallow untrusted_app tun_device:chr_file open;
+
+# Only allow appending to /data/anr/traces.txt (b/27853304, b/18340553)
+neverallow untrusted_app anr_data_file:file ~{ open append };
+neverallow untrusted_app anr_data_file:dir ~search;