author | Alex Klyubin <klyubin@google.com> | 2013-05-06 13:24:27 -0700 |
---|---|---|
committer | Alex Klyubin <klyubin@google.com> | 2013-05-06 14:42:56 -0700 |
commit | 8199123c8d1cf971c4edbab26e701df10a8bbc28 (patch) | |
tree | 89f9ee5773f32cb0f4a1b284daf4c2676ac4ca00 | |
parent | 3123b1eef7c15dee0b0df72c6a3017f1797a278d (diff) | |
SELinux policy that separates "init_shell" from "shell".
"init_shell" is used for shell processes spawned by init.
Change-Id: I9e35d485bac91f3d0e4f3704acdbb9af7d617173
-rw-r--r-- | init_shell.te | 14 | ||||
-rw-r--r-- | shell.te | 2 |
2 files changed, 15 insertions, 1 deletions
diff --git a/init_shell.te b/init_shell.te
new file mode 100644
index 0000000..a2f6a3c
--- /dev/null
+++ b/init_shell.te
@@ -0,0 +1,14 @@
+# Restricted domain for shell processes spawned by init
+type init_shell, domain, mlstrustedsubject;
+domain_auto_trans(init, shell_exec, init_shell)
+allow init_shell rootfs:dir r_dir_perms;
+allow init_shell devpts:chr_file rw_file_perms;
+allow init_shell tty_device:chr_file rw_file_perms;
+allow init_shell console_device:chr_file rw_file_perms;
+allow init_shell input_device:chr_file rw_file_perms;
+allow init_shell system_file:file x_file_perms;
+allow init_shell shell_exec:file rx_file_perms;
+allow init_shell zygote_exec:file rx_file_perms;
+
+# setprop toolbox command
+unix_socket_connect(init_shell, property, init)
@@ -1,6 +1,6 @@
+# Domain for shell processes spawned by ADB
 type shell, domain, mlstrustedsubject;
 type shell_exec, file_type;
-domain_auto_trans(init, shell_exec, shell)
 allow shell rootfs:dir r_dir_perms;
 allow shell devpts:chr_file rw_file_perms;
 allow shell tty_device:chr_file rw_file_perms;
 |
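Review bot: The header comment in init_shell.te calls this a restricted domain, but the type line carries `mlstrustedsubject` and the rules grant `input_device:chr_file rw_file_perms` and `zygote_exec:file rx_file_perms` with no stated reason. Most of the rule set looks copied from `shell`, so an init-spawned script would keep read/write access to input devices and could execute the zygote binary, and as far as I know the attribute exempts the domain from MLS constraints. Each of these three grants should either be dropped or get a why-comment naming the init service that needs it, for example `# <service> reads key events during boot` above the `input_device` rule. Only the `unix_socket_connect` line is documented at the moment (`# setprop toolbox command`).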
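Review bot: In the second hunk (shell.te per the diffstat; its file header is missing on this page), the new comment says `shell` is for ADB-spawned shells, but after `domain_auto_trans(init, shell_exec, shell)` is removed the visible lines contain no transition into `shell` at all. If the adbd policy does not already carry an equivalent transition on `shell_exec`, ADB shells would presumably stay in adbd's domain and the `allow shell ...` rules would go unused. The file continues past the hunk and the adbd policy is not shown, so this cannot be confirmed from here. I would extend the comment to name the entry point, for example `# Domain for shell processes spawned by ADB (entered from adbd via shell_exec)`, once that transition is verified to exist.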