396015c395
ping in Android no longer requires any additional privileges beyond the caller. Drop the ping domain and executable file type entirely. Also add net_domain() to shell domain so that it can create and use network sockets. Change-Id: If51734abe572aecf8f510f1a55782159222e5a67 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
15 lines
378 B
Text
15 lines
378 B
Text
# Domain for shell processes spawned by ADB
|
|
type shell, domain, shelldomain, mlstrustedsubject;
|
|
type shell_exec, exec_type, file_type;
|
|
|
|
# Create and use network sockets.
|
|
net_domain(shell)
|
|
|
|
# Run app_process.
|
|
# XXX Transition into its own domain?
|
|
app_domain(shell)
|
|
|
|
# userdebug/eng shell is also permissive to permit setenforce.
|
|
permissive shell;
|
|
|
|
# inherits from shelldomain.te
|