fa281f5d78
Commit a191398812 added a new
SELinux label to /system/xbin/procrank, which had the effect of
preventing dumpstate from executing procrank. Allow dumpstate
to execute procrank.
Bug: 18342188
Change-Id: If5b781db0d3af34912f3c803b7fa73d53120f3ba
15 lines
559 B
Text
15 lines
559 B
Text
# File types must be defined for file_contexts.
|
|
type procrank_exec, exec_type, file_type;
|
|
|
|
userdebug_or_eng(`
|
|
type procrank, domain, mlstrustedsubject;
|
|
|
|
domain_auto_trans(shell, procrank_exec, procrank)
|
|
domain_auto_trans(dumpstate, procrank_exec, procrank)
|
|
allow procrank self:capability sys_ptrace;
|
|
allow procrank devpts:chr_file { read write getattr ioctl };
|
|
allow procrank dumpstate:unix_stream_socket { read write getattr };
|
|
r_dir_file(procrank, domain)
|
|
allow procrank { shell dumpstate }:fd use;
|
|
allow procrank adbd:process sigchld;
|
|
')
|