tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Allow heapprofd to read shell_test_data_file.

Browse source 
This is so we can run integrationtests on user.

Change-Id: Ie6afad9758968e6cdeb030fbf4d3b75a61813269
This commit is contained in:
Florian Mayer 2021-02-09 13:28:49 +00:00
parent 9e794114b2
commit 5cefb23c4f
2 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
private/heapprofd.te
View file

@ -45,6 +45,7 @@ r_dir_file(heapprofd, apex_art_data_file)
r_dir_file(heapprofd, apk_data_file)
r_dir_file(heapprofd, dalvikcache_data_file)
r_dir_file(heapprofd, vendor_file_type)
r_dir_file(heapprofd, shell_test_data_file)
# Some dex files are not world-readable.
# We are still constrained by the SELinux rules above.
allow heapprofd self:global_capability_class_set dac_read_search;

3
public/domain.te
View file

@ -478,7 +478,8 @@ neverallow { domain userdebug_or_eng(`-shell') } nativetest_data_file:file no_x_
neverallow { domain -shell -init -adbd } shell_test_data_file:file_class_set no_w_file_perms;
neverallow { domain -shell -init -adbd } shell_test_data_file:dir no_w_dir_perms;
neverallow { domain -shell -init -adbd } shell_test_data_file:file *;
neverallow { domain -shell -init -adbd -heapprofd } shell_test_data_file:file *;
neverallow heapprofd shell_test_data_file:file { no_w_file_perms no_x_file_perms };
# Only the init property service should write to /data/property and /dev/__properties__
neverallow { domain -init } property_data_file:dir no_w_dir_perms;