336d0fed4e
I took current AOSP policy as base, then removed sepolicy so that the set of types and attributes was a subset of types and attributes in Q sepolicy, with the exception of those that have not yet been cleaned up in current AOSP: mediaswcodec_server netd_socket mediaextractor_update_service thermalserviced thermalserviced_exec Bug: 133196056 Test: n/a Change-Id: I863429d61d3fad0272c1d3f1e429cd997513a74a Merged-In: I3e091652fa8d1757b1f71f7559186d5b32f000d5
# Policy for the runas_app domain. Per the comments in this file, it covers
# tools (lldb/ndk-gdb/simpleperf) started through run-as on a debuggable app.
# NOTE(review): coredomain is the attribute AOSP uses for core platform
# domains - confirm against the attribute definitions.
typeattribute runas_app coredomain;
# Treat runas_app as an app domain. The rules this pulls in are defined by the
# app_domain() macro, not in this file, so the effective permission set of
# runas_app is larger than the allow rules visible here.
app_domain(runas_app)
# NOTE(review): in AOSP te_macros this adds runas_app to untrusted_app_all, the
# same attribute used as the target of the read/ptrace/connectto rules in this
# file, so those rules would also apply between runas_app processes - confirm
# against the macro definition.
untrusted_app_domain(runas_app)
# Network access as granted by the net_domain() macro (defined outside this
# file). NOTE(review): this gives the debugging tools the same network reach
# as a network-enabled app - confirm that is intended for all three tools.
net_domain(runas_app)
# Bluetooth access as granted by the bluetooth_domain() macro (defined outside
# this file). NOTE(review): no comment in this file says why a run-as tool
# needs it; presumably it mirrors what the debugged app may use - confirm.
bluetooth_domain(runas_app)
# The ability to call exec() on files in the apps home directories
# when using run-as on a debuggable app. Used to run lldb/ndk-gdb/simpleperf,
# which are copied to the apps home directories.
# execute_no_trans means the executed file runs without a domain transition,
# i.e. it stays in runas_app and inherits every permission granted to that
# domain. app_data_file is app-writable, so anything an app places in its home
# directory can run with these permissions once started via run-as.
# This rule grants only execute_no_trans; read/execute on app_data_file must
# come from elsewhere (presumably app_domain) - confirm.
allow runas_app app_data_file:file execute_no_trans;
# Allow lldb/ndk-gdb/simpleperf to read maps of debuggable app processes.
# The target is the whole untrusted_app_all attribute: this rule does not
# distinguish debuggable from non-debuggable apps.
# NOTE(review): the "debuggable" restriction is presumably enforced outside
# this rule (run-as itself, UID and MLS category checks) - confirm.
r_dir_file(runas_app, untrusted_app_all)
# Allow lldb/ndk-gdb/simpleperf to ptrace attach to debuggable app processes.
# ptrace gives full control over the target process (memory and registers);
# signal and sigstop let the tool stop and signal it.
# The target is every domain in untrusted_app_all; type enforcement alone does
# not limit this to debuggable apps.
# NOTE(review): the limit to the debugged app presumably comes from the kernel
# same-UID ptrace check and MLS categories - confirm.
allow runas_app untrusted_app_all:process { ptrace signal sigstop };
# Lets runas_app connect to unix stream sockets owned by untrusted_app_all
# processes.
# NOTE(review): no comment in this file states the purpose; presumably the
# debugger/profiler talks to a socket opened inside the debugged app - confirm.
allow runas_app untrusted_app_all:unix_stream_socket connectto;