Add shell_test_data_file for /data/local/tests
Add a domain for /data/local/tests which will be used by atest to execute tests on devices as shell or root. Bug: 138450837 Test: atest binderVendorDoubleLoadTest memunreachable_unit_test memunreachable_binder_test Change-Id: Ia34314bd9430e21c8b3304ac079e3d9b5705e19c
parent
1be8dfacfd
commit
da4e51b71f
6 changed files with 19 additions and 0 deletions
|
@ -19,6 +19,7 @@
|
|||
profcollectd_data_file
|
||||
profcollectd_exec
|
||||
profcollectd_service
|
||||
shell_test_data_file
|
||||
sysfs_devices_cs_etm
|
||||
update_engine_stable_service
|
||||
cgroup_v2
|
||||
|
|
|
@ -522,6 +522,7 @@
|
|||
/data/gsi/ota(/.*)? u:object_r:ota_image_data_file:s0
|
||||
/data/tombstones(/.*)? u:object_r:tombstone_data_file:s0
|
||||
/data/vendor/tombstones/wifi(/.*)? u:object_r:tombstone_wifi_data_file:s0
|
||||
/data/local/tests(/.*)? u:object_r:shell_test_data_file:s0
|
||||
/data/local/tmp(/.*)? u:object_r:shell_data_file:s0
|
||||
/data/local/tmp/ltp(/.*)? u:object_r:nativetest_data_file:s0
|
||||
/data/local/traces(/.*)? u:object_r:trace_data_file:s0
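Review bot: The new `/data/local/tests(/.*)?` entry only takes effect once something creates or relabels that path, and none of the sections shown here does so. The rules added for adbd and shell cover `shell_test_data_file` itself, not the type of the parent directory, so those domains presumably cannot create the directory on their own. If an init `mkdir` or restorecon lands in a separate change, reference it in the description so the two can be reviewed together.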
|
||||
|
|
|
@ -6,3 +6,8 @@ type adbd_exec, exec_type, file_type, system_file_type;
|
|||
# Only init is allowed to enter the adbd domain via exec()
|
||||
neverallow { domain -init } adbd:process transition;
|
||||
neverallow * adbd:process dyntransition;
|
||||
|
||||
# Access /data/local/tests.
|
||||
allow adbd shell_test_data_file:dir create_dir_perms;
|
||||
allow adbd shell_test_data_file:file create_file_perms;
|
||||
allow adbd shell_test_data_file:lnk_file create_file_perms;
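Review bot: The three adbd allow rules are not wrapped in `userdebug_or_eng(...)`, so as far as this hunk shows adbd gains create access to /data/local/tests on every build type, and the comment `# Access /data/local/tests.` does not say whether that is intended. The commit message says tests from this directory run as shell or root, so I would record the trust assumption in the comment, for example `# adbd pushes atest payloads into /data/local/tests; contents are adb-controlled.`. The same one-line comment sits above the shell rules in the last section, where `rx_file_perms` also grants execute, and should say so. If atest is only expected on debuggable builds, gating both rule groups would narrow the policy, but that depends on usage not visible here.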
|
||||
|
|
|
@ -471,6 +471,10 @@ neverallow { domain userdebug_or_eng(`-kernel') } nativetest_data_file:file_clas
|
|||
neverallow domain nativetest_data_file:dir no_w_dir_perms;
|
||||
neverallow { domain userdebug_or_eng(`-shell') } nativetest_data_file:file no_x_file_perms;
|
||||
|
||||
neverallow { domain -shell -init -adbd } shell_test_data_file:file_class_set no_w_file_perms;
|
||||
neverallow { domain -shell -init -adbd } shell_test_data_file:dir no_w_dir_perms;
|
||||
neverallow { domain -shell -init -adbd } shell_test_data_file:file *;
|
||||
|
||||
# Only the init property service should write to /data/property and /dev/__properties__
|
||||
neverallow { domain -init } property_data_file:dir no_w_dir_perms;
|
||||
neverallow { domain -init } property_data_file:file { no_w_file_perms no_x_file_perms };
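Review bot: The third added rule, `neverallow { domain -shell -init -adbd } shell_test_data_file:file *;`, already forbids every permission on class `file`, so the first rule's `no_w_file_perms` only adds something for the other classes in `file_class_set`. The three rules carry no comment explaining that split, unlike the property_data_file rules just below. A line such as `# Only shell, init and adbd may write under /data/local/tests or touch its regular files at all.` would make the intent reviewable. Other domains can still be granted read access to directories and symlinks of this type, so confirm that is the intended boundary.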
|
||||
|
|
|
@ -308,6 +308,8 @@ type dropbox_data_file, file_type, data_file_type, core_data_file_type;
|
|||
type heapdump_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
||||
# /data/nativetest
|
||||
type nativetest_data_file, file_type, data_file_type, core_data_file_type;
|
||||
# /data/local/tests
|
||||
type shell_test_data_file, file_type, data_file_type, core_data_file_type;
|
||||
# /data/system_de/0/ringtones
|
||||
type ringtone_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
||||
# /data/preloads
|
||||
|
|
|
@ -25,6 +25,12 @@ allow shell shell_data_file:file create_file_perms;
|
|||
allow shell shell_data_file:file rx_file_perms;
|
||||
allow shell shell_data_file:lnk_file create_file_perms;
|
||||
|
||||
# Access /data/local/tests.
|
||||
allow shell shell_test_data_file:dir create_dir_perms;
|
||||
allow shell shell_test_data_file:file create_file_perms;
|
||||
allow shell shell_test_data_file:file rx_file_perms;
|
||||
allow shell shell_test_data_file:lnk_file create_file_perms;
|
||||
|
||||
# Read and delete from /data/local/traces.
|
||||
allow shell trace_data_file:file { r_file_perms unlink };
|
||||
allow shell trace_data_file:dir { r_dir_perms remove_name write };
|
||||
|
|