diff options
| author | Biswajit Paul <biswajitpaul@codeaurora.org> | 2015-08-20 14:54:27 -0700 |
|---|---|---|
| committer | Biswajit Paul <biswajitpaul@codeaurora.org> | 2015-08-20 14:54:27 -0700 |
| commit | de72e445cf0f1a206de3a916aa8c42bb99011898 (patch) | |
| tree | c777cb70c55ff1a3c5edc3ce7abf189c349d942d | |
| parent | 0e6831800a40779e144ee01a60a8bb8ac9e4d172 (diff) | |
| download | android_device_qcom_sepolicy-de72e445cf0f1a206de3a916aa8c42bb99011898.tar.gz android_device_qcom_sepolicy-de72e445cf0f1a206de3a916aa8c42bb99011898.tar.bz2 android_device_qcom_sepolicy-de72e445cf0f1a206de3a916aa8c42bb99011898.zip | |
sepolicy: Add rules for qti-testscripts domain
Certain test setup requires connecting to qti-testscript domain
and use a socket transfered from it.
Also allow all domains to make binder call to qti-testscript.
Change-Id: Ib82a59c2233fa87c673faf7582ce0d6b374aee87
| -rw-r--r-- | test/qti-testscripts.te | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/test/qti-testscripts.te b/test/qti-testscripts.te index 6820d974..d271f512 100644 --- a/test/qti-testscripts.te +++ b/test/qti-testscripts.te @@ -63,7 +63,20 @@ userdebug_or_eng(` dontaudit qti-testscripts domain:drmservice *; dontaudit qti-testscripts unlabeled:filesystem *; #super_user - end + + #Added below rule in same file to keep all debug policies + #under one common file. + # All domains can read proc enrty of qti-testscripts r_dir_file(domain, qti-testscripts) r_dir_file(qti-testscripts, domain) + + allow adbd qti-testscripts:process dyntransition; + allow domain qti-testscripts:unix_stream_socket connectto; + allow domain qti-testscripts:fd use; + allow domain qti-testscripts:unix_stream_socket { getattr getopt read write shutdown }; + binder_call({ domain -init }, qti-testscripts) + allow domain qti-testscripts:fifo_file { write getattr }; + allow domain qti-testscripts:process sigchld; + ') |