Merge changes from topics "norootintegrationtest", "profileshelltestdatafile"
* changes: Allow shell to create shell_[test_]_data_file sockets. Allow heapprofd to read shell_test_data_file.
commit
7b3ae03026
3 changed files with 5 additions and 1 deletions
|
@ -45,6 +45,7 @@ r_dir_file(heapprofd, apex_art_data_file)
|
||||||
r_dir_file(heapprofd, apk_data_file)
|
r_dir_file(heapprofd, apk_data_file)
|
||||||
r_dir_file(heapprofd, dalvikcache_data_file)
|
r_dir_file(heapprofd, dalvikcache_data_file)
|
||||||
r_dir_file(heapprofd, vendor_file_type)
|
r_dir_file(heapprofd, vendor_file_type)
|
||||||
|
r_dir_file(heapprofd, shell_test_data_file)
|
||||||
# Some dex files are not world-readable.
|
# Some dex files are not world-readable.
|
||||||
# We are still constrained by the SELinux rules above.
|
# We are still constrained by the SELinux rules above.
|
||||||
allow heapprofd self:global_capability_class_set dac_read_search;
|
allow heapprofd self:global_capability_class_set dac_read_search;
|
||||||
|
|
|
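Review bot: The added `r_dir_file(heapprofd, shell_test_data_file)` has no comment saying why heapprofd needs this type, and it sits above the existing `dac_read_search` grant. With that capability, file modes set by the shell user do not restrict reads, so the type label becomes the only limit on which shell test files heapprofd can open. I would add a rationale above the new rule, for example `# Profiling targets pushed by shell for tests are labelled shell_test_data_file.`, with the wording confirmed by the author. Only part of the file is visible in this hunk, so a rationale may already exist elsewhere.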
@ -478,7 +478,9 @@ neverallow { domain userdebug_or_eng(`-shell') } nativetest_data_file:file no_x_
|
||||||
|
|
||||||
neverallow { domain -shell -init -adbd } shell_test_data_file:file_class_set no_w_file_perms;
|
neverallow { domain -shell -init -adbd } shell_test_data_file:file_class_set no_w_file_perms;
|
||||||
neverallow { domain -shell -init -adbd } shell_test_data_file:dir no_w_dir_perms;
|
neverallow { domain -shell -init -adbd } shell_test_data_file:dir no_w_dir_perms;
|
||||||
neverallow { domain -shell -init -adbd } shell_test_data_file:file *;
|
neverallow { domain -shell -init -adbd -heapprofd } shell_test_data_file:file *;
|
||||||
|
neverallow heapprofd shell_test_data_file:file { no_w_file_perms no_x_file_perms };
|
||||||
|
neverallow { domain -shell -init -adbd } shell_test_data_file:sock_file *;
|
||||||
|
|
||||||
# Only the init property service should write to /data/property and /dev/__properties__
|
# Only the init property service should write to /data/property and /dev/__properties__
|
||||||
neverallow { domain -init } property_data_file:dir no_w_dir_perms;
|
neverallow { domain -init } property_data_file:dir no_w_dir_perms;
|
||||||
|
|
|
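Review bot: The heapprofd carve-out from the `shell_test_data_file:file *` neverallow is re-bounded with a denylist, `{ no_w_file_perms no_x_file_perms }`, so any permission outside those two macros stays open to a later allow rule. The macro definitions are not shown here, but if they are what I expect, permissions such as `relabelto`, `entrypoint` and `execmod` fall in that gap. Writing the bound as the complement of the read set keeps the exemption to what `r_dir_file` actually grants on files: `neverallow heapprofd shell_test_data_file:file ~r_file_perms;`. That form also stays correct if new file permissions are added later, because anything not explicitly read-only is rejected by default.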
@ -30,6 +30,7 @@ allow shell shell_test_data_file:dir create_dir_perms;
|
||||||
allow shell shell_test_data_file:file create_file_perms;
|
allow shell shell_test_data_file:file create_file_perms;
|
||||||
allow shell shell_test_data_file:file rx_file_perms;
|
allow shell shell_test_data_file:file rx_file_perms;
|
||||||
allow shell shell_test_data_file:lnk_file create_file_perms;
|
allow shell shell_test_data_file:lnk_file create_file_perms;
|
||||||
|
allow shell shell_test_data_file:sock_file create_file_perms;
|
||||||
|
|
||||||
# Read and delete from /data/local/traces.
|
# Read and delete from /data/local/traces.
|
||||||
allow shell trace_data_file:file { r_file_perms unlink };
|
allow shell trace_data_file:file { r_file_perms unlink };
|
||||||
|
|
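Review bot: The new `allow shell shell_test_data_file:sock_file create_file_perms;` has no comment explaining which workflow needs sockets in the shell test data directory. The grant mirrors the `lnk_file` rule directly above it. The `sock_file *` neverallow added in the other section keeps every domain except shell, init and adbd away from these sockets, so the scope looks deliberate. A one-line rationale above the rule would record that intent, for example `# Tests run as shell create UNIX sockets in their data directory.`, with the wording confirmed by the author.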