Allow reading of properties area, which is now created before init has switched contexts. Revisit this later - we should explicitly label the properties file.

author: Stephen Smalley <sds@tycho.nsa.gov> 2012-01-12 08:57:50 -0500
committer: Stephen Smalley <sds@tycho.nsa.gov> 2012-01-12 08:57:50 -0500
commit: 6261d6d8232ffb9acdb0bb67de8ac5833941acc4 (patch)
tree: 65dd2cdccbf8fc9c1b7230654e0d1552351f10e5 /shell.te
parent: 0d76f4e5c2efba89ad5e714cf6a86e2f50fd84e4 (diff)
download: android_external_sepolicy-6261d6d8232ffb9acdb0bb67de8ac5833941acc4.tar.gz
android_external_sepolicy-6261d6d8232ffb9acdb0bb67de8ac5833941acc4.tar.bz2
android_external_sepolicy-6261d6d8232ffb9acdb0bb67de8ac5833941acc4.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/shell.te b/shell.te
index e7e3b35..a66eaf4 100644
--- a/shell.te
+++ b/shell.te
@@ -13,6 +13,10 @@ allow shell shell_data_file:dir create_dir_perms;
 allow shell shell_data_file:file create_file_perms;
 allow shell shell_data_file:file rx_file_perms;
 
+# Read properties.
+allow shell kernel:fd use;
+allow shell tmpfs:file read;
+
 r_dir_file(shell, apk_data_file)
 allow shell dalvikcache_data_file:file write;
author	Stephen Smalley <sds@tycho.nsa.gov>	2012-01-12 08:57:50 -0500
committer	Stephen Smalley <sds@tycho.nsa.gov>	2012-01-12 08:57:50 -0500
commit	6261d6d8232ffb9acdb0bb67de8ac5833941acc4 (patch)
tree	65dd2cdccbf8fc9c1b7230654e0d1552351f10e5 /shell.te
parent	0d76f4e5c2efba89ad5e714cf6a86e2f50fd84e4 (diff)
download	android_external_sepolicy-6261d6d8232ffb9acdb0bb67de8ac5833941acc4.tar.gz android_external_sepolicy-6261d6d8232ffb9acdb0bb67de8ac5833941acc4.tar.bz2 android_external_sepolicy-6261d6d8232ffb9acdb0bb67de8ac5833941acc4.zip