From 3ade7cefde78db72481e8fea7af8ccc76c086037 Mon Sep 17 00:00:00 2001
From: Jeff Sharkey
Date: Thu, 4 Feb 2016 15:18:52 -0700
Subject: [PATCH] Allow 'vdc' to be invoked with logwrapper.

Currently vdc emits logs to stderr, which makes sense for command line invocations, but when exec'ed they're silently dropped unless the caller uses logwrapper.

avc: denied { read write } for path="/dev/pts/2" dev="devpts" ino=5 scontext=u:r:vdc:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file permissive=0

Bug: 25796509
Change-Id: Ib92e0a7f580b1934a9853a83684f95b24bdc355c
---
 vdc.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/vdc.te b/vdc.te
index 54789659..d31be658 100644
--- a/vdc.te
+++ b/vdc.te
@@ -21,3 +21,6 @@ allow vdc shell_data_file:file { write getattr };
 
 # Why?
 allow vdc dumpstate:unix_dgram_socket { read write };
+
+# vdc can be invoked with logwrapper, so let it write to pty
+allow vdc devpts:chr_file rw_file_perms;
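Review bot: The added rule `allow vdc devpts:chr_file rw_file_perms;` grants more than the denial quoted in the commit message shows. The avc line reports only `{ read write }` on an already-open `/dev/pts/2`, while `rw_file_perms` in AOSP's macros also carries `open`, `getattr`, `ioctl`, `lock` and `append`. If vdc only ever inherits the pty descriptor from logwrapper, a narrower grant such as `allow vdc devpts:chr_file { read write getattr ioctl };` would stop vdc from opening other ptys that carry the generic `devpts` label; which permissions the logging path really needs should be confirmed on a device first. The comment could also name the caller that execs vdc through logwrapper, so a later audit can tell whether the rule is still required.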