6b558dcbea
This is a follow-up to f5446eb148 where
I forgot to associate su and perfprofd domains with coredomain.
Test: mmm system/sepolicy
sepolicy-analyze $OUT/root/sepolicy attribute coredomain
Bug: 35870313
Change-Id: I13f90693843f7c6fe9fea8e5332aa6dd9558478a
20 lines
604 B
Text
20 lines
604 B
Text
userdebug_or_eng(`
|
|
typeattribute su coredomain;
|
|
|
|
domain_auto_trans(shell, su_exec, su)
|
|
# Allow dumpstate to call su on userdebug / eng builds to collect
|
|
# additional information.
|
|
domain_auto_trans(dumpstate, su_exec, su)
|
|
|
|
# Make sure that dumpstate runs the same from the "su" domain as
|
|
# from the "init" domain.
|
|
domain_auto_trans(su, dumpstate_exec, dumpstate)
|
|
|
|
# Put the incident command into its domain so it is the same on user, userdebug and eng.
|
|
domain_auto_trans(su, incident_exec, incident)
|
|
|
|
# su is also permissive to permit setenforce.
|
|
permissive su;
|
|
|
|
app_domain(su)
|
|
')
|