diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2014-02-21 13:45:29 -0500 |
|---|---|---|
| committer | Stephen Smalley <sds@tycho.nsa.gov> | 2014-02-21 13:51:48 -0500 |
| commit | b3cb9695c43d3b1353a10d35dd025ad7b9700365 (patch) | |
| tree | 8980f4c4baf7e66ca85ca3fa05faa235b280c112 /shell.te | |
| parent | b73d321ad01bd279e7ed77c4569d35b628da6615 (diff) | |
| download | android_external_sepolicy-b3cb9695c43d3b1353a10d35dd025ad7b9700365.tar.gz android_external_sepolicy-b3cb9695c43d3b1353a10d35dd025ad7b9700365.tar.bz2 android_external_sepolicy-b3cb9695c43d3b1353a10d35dd025ad7b9700365.zip | |
Clarify init_shell, shell, and su domain usage.
init_shell domain is now only used for shell commands or scripts
invoked by init*.rc files, never for an interactive shell. It
was being used for console service for a while but console service
is now assigned shell domain via seclabel in init.rc. We may want
to reconsider the shelldomain rules for init_shell and whether they
are still appropriate.
shell domain is now used by both adb shell and console service, both
of which also run in the shell UID.
su domain is now used not only for /system/bin/su but also for
adbd and its descendants after an adb root is performed.
Change-Id: I502ab98aafab7dafb8920ccaa25e8fde14a8f572
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'shell.te')
| -rw-r--r-- | shell.te | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -1,4 +1,4 @@ -# Domain for shell processes spawned by ADB +# Domain for shell processes spawned by ADB or console service. type shell, domain, shelldomain, mlstrustedsubject; type shell_exec, exec_type, file_type; |