6c4c27e626
/data/security is another location that policy files can reside. In fact, these policy files take precedence over their rootfs counterparts under certain circumstances. Give the appropriate players the rights to read these policy files. Change-Id: I9951c808ca97c2e35a9adb717ce5cb98cda24c41
19 lines
811 B
Text
19 lines
811 B
Text
# debugger interface
|
|
type debuggerd, domain;
|
|
type debuggerd_exec, exec_type, file_type;
|
|
|
|
init_daemon_domain(debuggerd)
|
|
typeattribute debuggerd mlstrustedsubject;
|
|
allow debuggerd self:capability { dac_override sys_ptrace chown kill fowner };
|
|
allow debuggerd self:capability2 { syslog };
|
|
allow debuggerd domain:dir r_dir_perms;
|
|
allow debuggerd domain:file r_file_perms;
|
|
allow debuggerd domain:process ptrace;
|
|
security_access_policy(debuggerd)
|
|
allow debuggerd system_data_file:dir create_dir_perms;
|
|
allow debuggerd system_data_file:dir relabelfrom;
|
|
allow debuggerd tombstone_data_file:dir relabelto;
|
|
allow debuggerd tombstone_data_file:dir create_dir_perms;
|
|
allow debuggerd tombstone_data_file:file create_file_perms;
|
|
allow debuggerd domain:process { sigstop signal };
|
|
allow debuggerd exec_type:file r_file_perms;
|