platform_system_sepolicy/su.te

type su, domain;
type su_exec, exec_type, file_type;
domain_auto_trans(shell, su_exec, su)

# su is unconfined.
unconfined_domain(su)
SE Android policy. 2012-01-04 18:33:27 +01:00			`type su, domain;`
Make sure exec_type is assigned to all entrypoint types. Some file types used as domain entrypoints were missing the exec_type attribute. Add it and add a neverallow rule to keep it that way. Change-Id: I7563f3e03940a27ae40ed4d6bb74181c26148849 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2013-09-27 16:38:14 +02:00			`type su_exec, exec_type, file_type;`
SE Android policy. 2012-01-04 18:33:27 +01:00			`domain_auto_trans(shell, su_exec, su)`

			`# su is unconfined.`
			`unconfined_domain(su)`