Remove domain_deprecated from adbd and shell am: 8ca19368da
am: 78d03007ae
am: 06f9497794
* commit '06f94977949d858e4743c2856daf7e85c9a72650':
Remove domain_deprecated from adbd and shell
commit
ab26b4892c
4 changed files with 11 additions and 5 deletions
2
adbd.te
2
adbd.te
|
@ -1,6 +1,6 @@
|
|||
# adbd seclabel is specified in init.rc since
|
||||
# it lives in the rootfs and has no unique file type.
|
||||
type adbd, domain, domain_deprecated, mlstrustedsubject;
|
||||
type adbd, domain, mlstrustedsubject;
|
||||
|
||||
userdebug_or_eng(`
|
||||
allow adbd self:process setcurrent;
|
||||
|
|
|
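Review bot: Dropping `domain_deprecated` from the `type adbd` line removes every grant that attribute carried, and this file adds nothing back for adbd. The same applies to the `type shell` line in shell.te, apart from the rules added there. The domain_deprecated.te context further down this page shows `cache_file` reads plus `cgroup:dir { search write }` and `cgroup:file w_file_perms` for /acct/uid/*/tasks, and adbd no longer gets any of these through the attribute. The page does not show whether adbd relies on them, so I would check for avc denials with the adbd source context before merging. Any access that is still needed should be granted explicitly in this file with a comment naming its user, for example `allow adbd cgroup:file w_file_perms;` if the /acct write turns out to be required.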
@ -88,6 +88,9 @@ allow domain system_file:dir { search getattr };
|
|||
allow domain system_file:file { execute read open getattr };
|
||||
allow domain system_file:lnk_file read;
|
||||
|
||||
# libc references /data/misc/zoneinfo for timezone related information
|
||||
r_dir_file(domain, zoneinfo_data_file)
|
||||
|
||||
# files under /data.
|
||||
allow domain system_data_file:dir { search getattr };
|
||||
allow domain system_data_file:lnk_file read;
|
||||
|
|
|
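Review bot: The `r_dir_file(domain, zoneinfo_data_file)` line gives every domain, including the most confined ones, directory and file/symlink read on the zoneinfo type, where the removed rule limited it to `domain_deprecated` members. The comment explains the libc dependency but not that the widening is deliberate and read-only. I would extend it to something like `# Read-only for all domains: libc references /data/misc/zoneinfo for timezone related information`. Because the path lives under /data, the rule would also sit more naturally below the existing `# files under /data.` comment.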
@ -53,9 +53,6 @@ allow domain_deprecated cache_file:dir r_dir_perms;
|
|||
allow domain_deprecated cache_file:file { getattr read };
|
||||
allow domain_deprecated cache_file:lnk_file r_file_perms;
|
||||
|
||||
# Read timezone related information
|
||||
r_dir_file(domain_deprecated, zoneinfo_data_file)
|
||||
|
||||
# For /acct/uid/*/tasks.
|
||||
allow domain_deprecated cgroup:dir { search write };
|
||||
allow domain_deprecated cgroup:file w_file_perms;
|
||||
|
|
8
shell.te
8
shell.te
|
@ -1,5 +1,5 @@
|
|||
# Domain for shell processes spawned by ADB or console service.
|
||||
type shell, domain, domain_deprecated, mlstrustedsubject;
|
||||
type shell, domain, mlstrustedsubject;
|
||||
type shell_exec, exec_type, file_type;
|
||||
|
||||
# Create and use network sockets.
|
||||
|
@ -21,6 +21,10 @@ userdebug_or_eng(`
|
|||
allow shell misc_logd_file:file r_file_perms;
|
||||
')
|
||||
|
||||
# interact with adb
|
||||
allow shell adbd:fd use;
|
||||
allow shell adbd:unix_stream_socket { read write ioctl getattr };
|
||||
|
||||
# read files in /data/anr
|
||||
allow shell anr_data_file:dir r_dir_perms;
|
||||
allow shell anr_data_file:file r_file_perms;
|
||||
|
@ -82,6 +86,8 @@ allow shell servicemanager:service_manager list;
|
|||
allow shell { service_manager_type -gatekeeper_service }:service_manager find;
|
||||
|
||||
# allow shell to look through /proc/ for ps, top
|
||||
r_dir_file(shell, proc)
|
||||
r_dir_file(shell, cgroup)
|
||||
allow shell domain:dir { search open read getattr };
|
||||
allow shell domain:{ file lnk_file } { open read getattr };
|
||||
|
||||
|
|
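Review bot: `r_dir_file(shell, cgroup)` sits under the comment `# allow shell to look through /proc/ for ps, top`, which does not explain it. It is also read-only, where the domain_deprecated context on this page allowed cgroup dir write and `w_file_perms`. The page does not mark which lines of this hunk are additions; I am assuming the two `r_dir_file` lines. A comment such as `# read-only cgroup access; the write access from domain_deprecated is intentionally not carried over` would record the narrowing so it is not later mistaken for an omission. Separately, `r_dir_file(shell, proc)` covers everything carrying the generic `proc` label for a domain reachable over adb, so any sensitive /proc entry depends on having its own more specific type.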