diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2014-07-24 15:25:43 -0400 |
|---|---|---|
| committer | Stephen Smalley <sds@tycho.nsa.gov> | 2014-07-24 15:33:44 -0400 |
| commit | ba992496f01e40a10d9749bb25b6498138e607fb (patch) | |
| tree | b8c00dea54c60d7df0d1f0858f9fac50a4a1131f /debuggerd.te | |
| parent | b2eaa28d11c6fed7806c08728ef624819171d627 (diff) | |
| download | android_external_sepolicy-ba992496f01e40a10d9749bb25b6498138e607fb.tar.gz android_external_sepolicy-ba992496f01e40a10d9749bb25b6498138e607fb.tar.bz2 android_external_sepolicy-ba992496f01e40a10d9749bb25b6498138e607fb.zip | |
Define debuggerd class, permissions, and rules.
Define a new class, permissions, and rules for the debuggerd
SELinux MAC checks.
Used by Ib317564e54e07cc21f259e75124b762ad17c6e16 for debuggerd.
Change-Id: I8e120d319512ff207ed22ed87cde4e0432a13dda
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'debuggerd.te')
| -rw-r--r-- | debuggerd.te | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/debuggerd.te b/debuggerd.te index 6bbeac4..22afe63 100644 --- a/debuggerd.te +++ b/debuggerd.te @@ -9,7 +9,7 @@ allow debuggerd self:capability2 { syslog }; allow debuggerd domain:dir r_dir_perms; allow debuggerd domain:file r_file_perms; allow debuggerd domain:lnk_file read; -allow debuggerd { domain -init -ueventd -watchdogd -healthd -adbd -keystore }:process ptrace; +allow debuggerd { domain -init -ueventd -watchdogd -healthd -adbd -keystore }:process { ptrace getattr }; security_access_policy(debuggerd) allow debuggerd system_data_file:dir create_dir_perms; allow debuggerd system_data_file:dir relabelfrom; @@ -31,3 +31,6 @@ userdebug_or_eng(` # logd access read_logd(debuggerd) + +# Check SELinux permissions. +selinux_check_access(debuggerd) |