4ea5569f53
This CL creates a traceur_app domain with userdebug privileges akin to what shell has with regards to being able to find most services on device. Previously, traceur was running as shell which was an unintentional abuse of selinux architecture. Bug: 68126425 Test: Traceur functions outside of shell user privilege Change-Id: Ib5090e7e8225ad201b3ec24b506fe2717101d0f1
21 lines
477 B
Text
21 lines
477 B
Text
type traceur_app, domain;
|
|
|
|
userdebug_or_eng(`
|
|
allow traceur_app servicemanager:service_manager list;
|
|
allow traceur_app hwservicemanager:hwservice_manager list;
|
|
|
|
set_prop(traceur_app, debug_prop)
|
|
|
|
allow traceur_app {
|
|
service_manager_type
|
|
-gatekeeper_service
|
|
-incident_service
|
|
-installd_service
|
|
-netd_service
|
|
-virtual_touchpad_service
|
|
-vold_service
|
|
-vr_hwc_service
|
|
}:service_manager find;
|
|
|
|
dontaudit traceur_app domain:binder call;
|
|
')
|