2014-01-10 00:25:36 +01:00
|
|
|
userdebug_or_eng(`
|
2017-03-24 17:30:19 +01:00
|
|
|
typeattribute su coredomain;
|
|
|
|
|
2014-01-10 00:25:36 +01:00
|
|
|
domain_auto_trans(shell, su_exec, su)
|
|
|
|
# Allow dumpstate to call su on userdebug / eng builds to collect
|
|
|
|
# additional information.
|
|
|
|
domain_auto_trans(dumpstate, su_exec, su)
|
2013-12-02 20:18:11 +01:00
|
|
|
|
2015-01-29 21:11:55 +01:00
|
|
|
# Make sure that dumpstate runs the same from the "su" domain as
|
|
|
|
# from the "init" domain.
|
|
|
|
domain_auto_trans(su, dumpstate_exec, dumpstate)
|
|
|
|
|
2016-11-21 08:23:04 +01:00
|
|
|
# Put the incident command into its domain so it is the same on user, userdebug and eng.
|
|
|
|
domain_auto_trans(su, incident_exec, incident)
|
|
|
|
|
2020-10-16 16:29:55 +02:00
|
|
|
# Put the odrefresh command into its domain.
|
|
|
|
domain_auto_trans(su, odrefresh_exec, odrefresh)
|
|
|
|
|
2018-01-24 17:07:09 +01:00
|
|
|
# Put the perfetto command into its domain so it is the same on user, userdebug and eng.
|
|
|
|
domain_auto_trans(su, perfetto_exec, perfetto)
|
|
|
|
|
2023-12-20 13:36:18 +01:00
|
|
|
# Allow accessing virtualization (e.g. via the vm command) - ensures virtmgr runs in its
|
|
|
|
# own domain.
|
|
|
|
virtualizationservice_use(su)
|
2022-12-15 14:38:42 +01:00
|
|
|
|
2017-11-01 18:17:28 +01:00
|
|
|
# su is also permissive to permit setenforce.
|
2014-01-10 00:25:36 +01:00
|
|
|
permissive su;
|
2014-05-02 23:50:26 +02:00
|
|
|
|
2016-12-08 20:23:34 +01:00
|
|
|
app_domain(su)
|
2020-07-27 22:06:11 +02:00
|
|
|
|
|
|
|
# Do not audit accesses to keystore2 namespace for the su domain.
|
|
|
|
dontaudit su keystore2_key_type:{ keystore2 keystore2_key } *;
|
|
|
|
|
2022-05-20 20:25:26 +02:00
|
|
|
# Allow root to set MTE permissive mode.
|
|
|
|
set_prop(su, permissive_mte_prop);
|
2014-01-10 00:25:36 +01:00
|
|
|
')
|