am 2b732237
: Allow all domains to read the log devices.
* commit '2b732237d1f8c49b6e93f7e90b0d0aa5b07e1a90': Allow all domains to read the log devices.
commit
b935556567
5 changed files with 1 additions and 15 deletions
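--- a/adbd.te
+++ b/adbd.te
@@ -20,7 +20,6 @@ allow adbd sdcard_type:file create_file_perms;
 
 allow adbd graphics_device:dir search;
 allow adbd graphics_device:chr_file r_file_perms;
-allow adbd log_device:chr_file r_file_perms;
 # XXX Run /system/bin/vdc to connect to vold. Run in a separate domain?
 allow adbd system_file:file rx_file_perms;
 unix_socket_connect(adbd, vold, vold)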
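--- a/app.te
+++ b/app.te
@@ -13,8 +13,6 @@ platform_app_domain(platform_app)
 net_domain(platform_app)
 # Access bluetooth.
 bluetooth_domain(platform_app)
-# Read logs.
-allow platform_app log_device:chr_file read;
 # Write to /cache.
 allow platform_app cache_file:dir rw_dir_perms;
 allow platform_app cache_file:file create_file_perms;
@@ -34,8 +32,6 @@ app_domain(media_app)
 platform_app_domain(media_app)
 # Access the network.
 net_domain(media_app)
-# Read logs.
-allow media_app log_device:chr_file read;
 # Access /dev/mtp_usb.
 allow media_app mtp_device:chr_file rw_file_perms;
 # Write to /cache.
@@ -56,8 +52,6 @@ platform_app_domain(shared_app)
 net_domain(shared_app)
 # Access bluetooth.
 bluetooth_domain(shared_app)
-# Read logs.
-allow shared_app log_device:chr_file read;
 # ASEC
 r_dir_file(shared_app, asec_apk_file);
 
@@ -69,8 +63,6 @@ platform_app_domain(release_app)
 net_domain(release_app)
 # Access bluetooth.
 bluetooth_domain(release_app)
-# Read logs.
-allow release_app log_device:chr_file read;
 
 # Services with isolatedProcess=true in their manifest.
 # In order for isolated_apps to interact with apps that have levelFromUid=true
@@ -101,7 +93,6 @@ net_domain(untrusted_app)
 bluetooth_domain(untrusted_app)
 allow untrusted_app tun_device:chr_file rw_file_perms;
 allow untrusted_app system_data_file:file { execute open };
-allow untrusted_app log_device:chr_file read;
 
 # Internal SDCard rw access.
 bool app_internal_sdcard_rw true;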
|
@ -17,4 +17,3 @@ allow debuggerd tombstone_data_file:dir create_dir_perms;
|
||||||
allow debuggerd tombstone_data_file:file create_file_perms;
|
allow debuggerd tombstone_data_file:file create_file_perms;
|
||||||
allow debuggerd domain:process { sigstop signal };
|
allow debuggerd domain:process { sigstop signal };
|
||||||
allow debuggerd exec_type:file r_file_perms;
|
allow debuggerd exec_type:file r_file_perms;
|
||||||
allow debuggerd log_device:chr_file r_file_perms;
|
|
||||||
|
|
|
@ -50,7 +50,7 @@ allow domain binder_device:chr_file rw_file_perms;
|
||||||
allow domain ptmx_device:chr_file rw_file_perms;
|
allow domain ptmx_device:chr_file rw_file_perms;
|
||||||
allow domain powervr_device:chr_file rw_file_perms;
|
allow domain powervr_device:chr_file rw_file_perms;
|
||||||
allow domain log_device:dir search;
|
allow domain log_device:dir search;
|
||||||
allow domain log_device:chr_file w_file_perms;
|
allow domain log_device:chr_file rw_file_perms;
|
||||||
allow domain nv_device:chr_file rw_file_perms;
|
allow domain nv_device:chr_file rw_file_perms;
|
||||||
allow domain alarm_device:chr_file r_file_perms;
|
allow domain alarm_device:chr_file r_file_perms;
|
||||||
allow domain urandom_device:chr_file r_file_perms;
|
allow domain urandom_device:chr_file r_file_perms;
|
||||||
|
|
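Review bot: The changed rule `allow domain log_device:chr_file rw_file_perms;` gives read access to the log devices to every type carrying the `domain` attribute, so after this commit SELinux no longer distinguishes which processes may read logs and the only remaining gate is the DAC mode and group on the device nodes. The app domains in app.te previously held only `read`; they now get the whole `r_file_perms` set, which in the stock macro definitions also carries `getattr`, `ioctl` and `lock`. If the broad grant is intended, say so at the rule, e.g. `# Log reads are gated by DAC only; SELinux allows every domain.`; otherwise keep `w_file_perms` here and grant `r_file_perms` through a dedicated attribute assigned to the domains that need to read logs. The file continues outside this hunk, so a neverallow or a narrower rule may exist that is not visible here.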
3
shell.te
3
shell.te
|
@ -20,9 +20,6 @@ allow shell sdcard_type:file create_file_perms;
|
||||||
r_dir_file(shell, apk_data_file)
|
r_dir_file(shell, apk_data_file)
|
||||||
allow shell dalvikcache_data_file:file { write setattr };
|
allow shell dalvikcache_data_file:file { write setattr };
|
||||||
|
|
||||||
# Run logcat.
|
|
||||||
allow shell log_device:chr_file r_file_perms;
|
|
||||||
|
|
||||||
# Run app_process.
|
# Run app_process.
|
||||||
# XXX Split into its own domain?
|
# XXX Split into its own domain?
|
||||||
app_domain(shell)
|
app_domain(shell)
|
||||||
|
|