authorChristopher Ferris <cferris@google.com>2015-01-29 12:11:55 -0800
committerChristopher Ferris <cferris@google.com>2015-02-04 14:19:26 -0800
commit5ec38c49e3b61b8a3228b56278e85fc276eaec6b (patch)
treec8a5444564b480dd5d6198b9ce5c7022d00c9db6 /dumpstate.te
parentbba18381039dbe45f6acce61d6be1ea7abb2fb06 (diff)
Dumpstate runs the same from shell as service.
Without this change, any SELinux warnings you might get when running dumpstate from init do not show up when running it from the shell as root. This change makes them run the same. Change-Id: I6b74e0f6f48f47952a2dbe7728b1853008f60dbb
Diffstat (limited to 'dumpstate.te')
-rw-r--r--dumpstate.te7
1 files changed, 5 insertions, 2 deletions
diff --git a/dumpstate.te b/dumpstate.te
index ad4f238..876eaca 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -6,8 +6,9 @@ init_daemon_domain(dumpstate)
net_domain(dumpstate)
binder_use(dumpstate)
-# Drop privileges by switching UID / GID
-allow dumpstate self:capability { setuid setgid };
+# Allow setting process priority, protect from OOM killer, and dropping
+# privileges by switching UID / GID
+allow dumpstate self:capability { setuid setgid sys_resource };
# Allow dumpstate to scan through /proc/pid for all processes
r_dir_file(dumpstate, domain)
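Review bot: The rewritten comment above the `self:capability` rule folds three purposes into one line, so a later audit cannot tell which operation actually needs `sys_resource`. Per capabilities(7), lowering a process's OOM score is gated by CAP_SYS_RESOURCE, but raising scheduling priority is normally gated by CAP_SYS_NICE, so the "setting process priority" part may not be covered by this rule; that is worth confirming against the denials actually logged. `sys_resource` also lets the domain exceed resource limits and use reserved filesystem space for as long as it runs, which is broader than the stated need. I would document it per capability, e.g. `# sys_resource: lower our own OOM score so the dump is not killed` and `# setuid setgid: drop privileges by switching UID / GID`.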
@@ -119,3 +120,5 @@ allow dumpstate {
}:service_manager find;
allow dumpstate servicemanager:service_manager list;
+
+allow dumpstate devpts:chr_file rw_file_perms;
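Review bot: The added `allow dumpstate devpts:chr_file rw_file_perms;` has no comment, unlike the other rules in this file, and nothing in the hunk says why dumpstate needs pty access. From the commit message it is presumably for the terminal inherited when dumpstate is started from a shell, so a line such as `# Read/write the pty inherited when dumpstate is run from a shell` would record that. The rule covers every character device labelled `devpts`, not only the inherited one, and if dumpstate only prints to the terminal a narrower permission set than `rw_file_perms` may be enough. The domain transition that makes the shell case enter the dumpstate domain is not in this file's diff, so I could not check it here.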