diff options
Diffstat (limited to 'adbd.te')
-rw-r--r-- | adbd.te | 16 |
1 files changed, 14 insertions, 2 deletions
@@ -1,6 +1,6 @@ # adbd seclabel is specified in init.rc since # it lives in the rootfs and has no unique file type. -type adbd, domain; +type adbd, domain, mlstrustedsubject; userdebug_or_eng(` allow adbd self:process setcurrent; @@ -41,10 +41,11 @@ allow adbd sdcard_type:file create_file_perms; allow adbd anr_data_file:dir r_dir_perms; allow adbd anr_data_file:file r_file_perms; -# Set service.adb.*, sys.powerctl properties. +# Set service.adb.*, sys.powerctl, and sys.usb.ffs.ready properties. unix_socket_connect(adbd, property, init) allow adbd shell_prop:property_service set; allow adbd powerctl_prop:property_service set; +allow adbd ffs_prop:property_service set; # Run /system/bin/bu allow adbd system_file:file rx_file_perms; @@ -82,3 +83,14 @@ allow adbd zygote_exec:file r_file_perms; allow adbd system_file:file r_file_perms; allow adbd kernel:security read_policy; + +allow adbd surfaceflinger_service:service_manager find; +allow adbd bootchart_data_file:dir search; +allow adbd bootchart_data_file:file r_file_perms; + +# Allow access to external storage; we have several visible mount points under /storage +# and symlinks to primary storage at places like /storage/sdcard0 and /mnt/user/0/primary +allow adbd storage_file:dir r_dir_perms; +allow adbd storage_file:lnk_file r_file_perms; +allow adbd mnt_user_file:dir r_dir_perms; +allow adbd mnt_user_file:lnk_file r_file_perms; |