diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2012-01-04 12:33:27 -0500 |
|---|---|---|
| committer | Stephen Smalley <sds@tycho.nsa.gov> | 2012-01-04 12:33:27 -0500 |
| commit | 2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35 (patch) | |
| tree | 70cf7ff792b5f782a2963f87c873b7a7ae926af4 /shell.te | |
| download | android_external_sepolicy-2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35.tar.gz android_external_sepolicy-2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35.tar.bz2 android_external_sepolicy-2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35.zip | |
SE Android policy.
Diffstat (limited to 'shell.te')
| -rw-r--r-- | shell.te | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/shell.te b/shell.te new file mode 100644 index 0000000..e7e3b35 --- /dev/null +++ b/shell.te @@ -0,0 +1,30 @@ +type shell, domain; +type shell_exec, file_type; +domain_auto_trans(adbd, shell_exec, shell) +domain_auto_trans(init, shell_exec, shell) +allow shell rootfs:dir r_dir_perms; +allow shell devpts:chr_file rw_file_perms; +allow shell tty_device:chr_file rw_file_perms; +allow shell console_device:chr_file rw_file_perms; +allow shell system_file:file x_file_perms; +allow shell shell_exec:file rx_file_perms; +allow shell zygote_exec:file rx_file_perms; +allow shell shell_data_file:dir create_dir_perms; +allow shell shell_data_file:file create_file_perms; +allow shell shell_data_file:file rx_file_perms; + +r_dir_file(shell, apk_data_file) +allow shell dalvikcache_data_file:file write; + +# Run dmesg. +allow shell kernel:system syslog_read; + +# Run cat /proc/kmsg. +allow shell kernel:system syslog_mod; + +# Run logcat. +allow shell log_device:chr_file r_file_perms; + +# Run app_process. +# XXX Split into its own domain? +app_domain(shell) |