blob: 5ba57760ff3f945634789302811b11e5ffdd8c2c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
# File types must be defined for file_contexts.
type su_exec, exec_type, file_type;
userdebug_or_eng(`
# Domain used for su processes, as well as for adbd and adb shell
# after performing an adb root command. The domain definition is
# wrapped to ensure that it does not exist at all on -user builds.
type su, domain;
domain_auto_trans(shell, su_exec, su)
# Allow dumpstate to call su on userdebug / eng builds to collect
# additional information.
domain_auto_trans(dumpstate, su_exec, su)
# su is unconfined.
unconfined_domain(su)
allow su ashmem_device:chr_file execute;
allow su self:process execmem;
tmpfs_domain(su)
allow su su_tmpfs:file execute;
allow su debuggerd_prop:property_service set;
# su is also permissive to permit setenforce.
permissive su;
')
|
