diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2014-01-29 14:56:41 -0500 |
|---|---|---|
| committer | Stephen Smalley <sds@tycho.nsa.gov> | 2014-01-29 14:57:08 -0500 |
| commit | 208deb335719280c11ab0e6aa033bfd33629320a (patch) | |
| tree | 0e902c66893882f5fd96b5e3cc208a6f7fa96735 /dumpstate.te | |
| parent | 997680a3b78db39cf442f80fd92d4eb93d0f262a (diff) | |
| download | android_external_sepolicy-208deb335719280c11ab0e6aa033bfd33629320a.tar.gz android_external_sepolicy-208deb335719280c11ab0e6aa033bfd33629320a.tar.bz2 android_external_sepolicy-208deb335719280c11ab0e6aa033bfd33629320a.zip | |
Allow dumpstate to run am and shell.
See http://code.google.com/p/android/issues/detail?id=65339
Further denials were observed in testing and allowed as well.
Change-Id: I54e56bf5650b50b61e092a6dac45c971397df60f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'dumpstate.te')
| -rw-r--r-- | dumpstate.te | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/dumpstate.te b/dumpstate.te index fbf9ce9..5977422 100644 --- a/dumpstate.te +++ b/dumpstate.te @@ -73,3 +73,16 @@ allow dumpstate self:capability sys_ptrace; # /data/data/com.android.shell/files/bugreports/bugreport allow dumpstate shell_data_file:dir create_dir_perms; allow dumpstate shell_data_file:file create_file_perms; + +# Run a shell. +allow dumpstate shell_exec:file rx_file_perms; + +# For running am and similar framework commands. +# Run /system/bin/app_process. +allow dumpstate zygote_exec:file rx_file_perms; +# Dalvik Compiler JIT. +allow dumpstate ashmem_device:chr_file execute; +allow dumpstate dumpstate_tmpfs:file execute; +allow dumpstate self:process execmem; +# For art. +allow dumpstate dalvikcache_data_file:file execute; |