diff options
author | Nick Kralevich <nnk@google.com> | 2014-06-05 13:27:44 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2014-06-05 13:31:31 -0700 |
commit | 4fd4a2054db06329acc524c7eb07715ec625dc5d (patch) | |
tree | 693602d54add206d7035916a34e6ca937ea4c12a /shell.te | |
parent | 0341e1abb1017b12985a4e1e904bc4f900601a2c (diff) | |
download | android_external_sepolicy-4fd4a2054db06329acc524c7eb07715ec625dc5d.tar.gz android_external_sepolicy-4fd4a2054db06329acc524c7eb07715ec625dc5d.tar.bz2 android_external_sepolicy-4fd4a2054db06329acc524c7eb07715ec625dc5d.zip |
Allow adbd / shell /data/anr access
The shell user needs to be able to run commands like
"cat /data/anr/traces.txt". Allow it.
We also need to be able to pull the file via adb.
"adb pull /data/anr/traces.txt". Allow it.
Addresses the following denials:
<4>[ 20.212398] type=1400 audit(1402000262.433:11): avc: denied { getattr } for pid=1479 comm="adbd" path="/data/anr/traces.txt" dev="mmcblk0p28" ino=325763 scontext=u:r:adbd:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file
<4>[ 20.252182] type=1400 audit(1402000262.473:12): avc: denied { read } for pid=1479 comm="adbd" name="traces.txt" dev="mmcblk0p28" ino=325763 scontext=u:r:adbd:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file
<4>[ 20.252579] type=1400 audit(1402000262.473:13): avc: denied { open } for pid=1479 comm="adbd" name="traces.txt" dev="mmcblk0p28" ino=325763 scontext=u:r:adbd:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file
<4>[ 27.104068] type=1400 audit(1402000268.479:14): avc: denied { read } for pid=2377 comm="sh" name="traces.txt" dev="mmcblk0p28" ino=325763 scontext=u:r:shell:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file
Bug: 15450720
Change-Id: I767102a7182895112838559b0ade1cd7c14459ab
Diffstat (limited to 'shell.te')
-rw-r--r-- | shell.te | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -13,4 +13,8 @@ app_domain(shell) read_logd(shell) control_logd(shell) +# read files in /data/anr +allow shell anr_data_file:dir r_dir_perms; +allow shell anr_data_file:file r_file_perms; + # inherits from shelldomain.te |