diff options
Diffstat (limited to 'shelldomain.te')
-rw-r--r-- | shelldomain.te | 37 |
1 files changed, 0 insertions, 37 deletions
diff --git a/shelldomain.te b/shelldomain.te deleted file mode 100644 index 3dd0941..0000000 --- a/shelldomain.te +++ /dev/null @@ -1,37 +0,0 @@ -# Rules for all shell domains (e.g. console service and adb shell). - -# Access /data/local/tmp. -allow shelldomain shell_data_file:dir create_dir_perms; -allow shelldomain shell_data_file:file create_file_perms; -allow shelldomain shell_data_file:file rx_file_perms; - -# adb bugreport -unix_socket_connect(shelldomain, dumpstate, dumpstate) - -allow shelldomain rootfs:dir r_dir_perms; -allow shelldomain devpts:chr_file rw_file_perms; -allow shelldomain tty_device:chr_file rw_file_perms; -allow shelldomain console_device:chr_file rw_file_perms; -allow shelldomain input_device:chr_file rw_file_perms; -allow shelldomain system_file:file x_file_perms; -allow shelldomain shell_exec:file rx_file_perms; -allow shelldomain zygote_exec:file rx_file_perms; - -r_dir_file(shelldomain, apk_data_file) - -# Set properties. -unix_socket_connect(shelldomain, property, init) -allow shelldomain shell_prop:property_service set; -allow shelldomain ctl_dumpstate_prop:property_service set; -allow shelldomain debug_prop:property_service set; -allow shelldomain powerctl_prop:property_service set; - -# systrace support - allow atrace to run -# debugfs doesn't support labeling individual files, so we have -# to grant read access to all of /sys/kernel/debug. -# Directory read access and file write access is already granted -# in domain.te. -allow shelldomain debugfs:file r_file_perms; - -# allow shell to run dmesg -allow shelldomain kernel:system syslog_read; |