platform_system_sepolicy/procrank.te

# File types must be defined for file_contexts.
type procrank_exec, exec_type, file_type;

userdebug_or_eng(`
  type procrank, domain, mlstrustedsubject;

  domain_auto_trans(shell, procrank_exec, procrank)
  domain_auto_trans(dumpstate, procrank_exec, procrank)
  allow procrank self:capability sys_ptrace;
  allow procrank devpts:chr_file { read write getattr ioctl };
  allow procrank dumpstate:unix_stream_socket { read write getattr };
  r_dir_file(procrank, domain)
  allow procrank { shell dumpstate }:fd use;
  allow procrank adbd:process sigchld;
')
Add new "procrank" SELinux domain. /system/xbin/procrank is a setuid program run by adb shell on userdebug / eng devices. Allow it to work without running adb root. Bug: 18342188 Change-Id: I18d9f743e5588c26661eaa26e1b7e6980b15caf7 2015-03-19 17:35:31 +01:00			`# File types must be defined for file_contexts.`
			`type procrank_exec, exec_type, file_type;`

			userdebug_or_eng(`
			`type procrank, domain, mlstrustedsubject;`

			`domain_auto_trans(shell, procrank_exec, procrank)`
procrank: fix procrank when run from dumpstate Commit a191398812eb35be613541b3822a363919da8586 added a new SELinux label to /system/xbin/procrank, which had the effect of preventing dumpstate from executing procrank. Allow dumpstate to execute procrank. Bug: 18342188 Change-Id: If5b781db0d3af34912f3c803b7fa73d53120f3ba 2015-03-19 19:18:03 +01:00			`domain_auto_trans(dumpstate, procrank_exec, procrank)`
Add new "procrank" SELinux domain. /system/xbin/procrank is a setuid program run by adb shell on userdebug / eng devices. Allow it to work without running adb root. Bug: 18342188 Change-Id: I18d9f743e5588c26661eaa26e1b7e6980b15caf7 2015-03-19 17:35:31 +01:00			`allow procrank self:capability sys_ptrace;`
			`allow procrank devpts:chr_file { read write getattr ioctl };`
procrank: fix procrank when run from dumpstate Commit a191398812eb35be613541b3822a363919da8586 added a new SELinux label to /system/xbin/procrank, which had the effect of preventing dumpstate from executing procrank. Allow dumpstate to execute procrank. Bug: 18342188 Change-Id: If5b781db0d3af34912f3c803b7fa73d53120f3ba 2015-03-19 19:18:03 +01:00			`allow procrank dumpstate:unix_stream_socket { read write getattr };`
Add new "procrank" SELinux domain. /system/xbin/procrank is a setuid program run by adb shell on userdebug / eng devices. Allow it to work without running adb root. Bug: 18342188 Change-Id: I18d9f743e5588c26661eaa26e1b7e6980b15caf7 2015-03-19 17:35:31 +01:00			`r_dir_file(procrank, domain)`
procrank: fix procrank when run from dumpstate Commit a191398812eb35be613541b3822a363919da8586 added a new SELinux label to /system/xbin/procrank, which had the effect of preventing dumpstate from executing procrank. Allow dumpstate to execute procrank. Bug: 18342188 Change-Id: If5b781db0d3af34912f3c803b7fa73d53120f3ba 2015-03-19 19:18:03 +01:00			`allow procrank { shell dumpstate }:fd use;`
Add new "procrank" SELinux domain. /system/xbin/procrank is a setuid program run by adb shell on userdebug / eng devices. Allow it to work without running adb root. Bug: 18342188 Change-Id: I18d9f743e5588c26661eaa26e1b7e6980b15caf7 2015-03-19 17:35:31 +01:00			`allow procrank adbd:process sigchld;`
			`')`