diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2012-07-31 09:45:01 -0400 |
|---|---|---|
| committer | Steve Kondik <shade@chemlab.org> | 2014-10-28 01:30:31 -0700 |
| commit | 1400258553c9fed0dfce40bae6d27939c1023d8c (patch) | |
| tree | 51728ca03ea964b3dd2ff84274082d8348788218 | |
| parent | cbc36489a60bddbee9857aaddb027290e4b22ef8 (diff) | |
| download | android_external_sepolicy-stable/cm-11.0-XNG3C.tar.gz android_external_sepolicy-stable/cm-11.0-XNG3C.tar.bz2 android_external_sepolicy-stable/cm-11.0-XNG3C.zip | |
sepolicy: Fix a few denials when debuggingstable/cm-11.0-XNG3Cstable/cm-11.0-XNG2S
Change-Id: I1b0b5ead1aa67a2a1a854ae965c98c86fc4c00cb
| -rw-r--r-- | app.te | 7 | ||||
| -rw-r--r-- | system.te | 4 |
2 files changed, 11 insertions, 0 deletions
@@ -13,6 +13,13 @@ unix_socket_connect(appdomain, keystore, keystore) # Receive and use open file descriptors inherited from zygote. allow appdomain zygote:fd use; +# gdbserver for ndk-gdb reads the zygote. +# valgrind needs mmap exec for zygote +allow appdomain zygote_exec:file rx_file_perms; + +# gdbserver for ndk-gdb ptrace attaches to app process. +allow appdomain self:process ptrace; + # Read system properties managed by zygote. allow appdomain zygote_tmpfs:file read; @@ -8,6 +8,10 @@ permissive system; unconfined_domain(system); relabelto_domain(system); +# Relabel /data/anr. +allow system system_data_file:dir relabelfrom; +allow system anr_data_file:dir relabelto; + # Create a socket for receiving info from wpa. type_transition system wifi_data_file:sock_file system_wpa_socket; allow system self:zygote { specifyids specifyrlimits specifyseinfo }; |