platform_system_sepolicy/public/vendor_shell.te
Roshan Pius a5a81002c8 sepolicy(hal_wifi): Allow wifi HAL to access persist.vendor.debug properties
We want to tweak some device params at runtime via shell (alleviates the
need to recompile HAL for changing device configuration). This will help
us test/teamfood couple of new features under development.

Bug: 173044646
Test: Wifi HAL can read persist.vendor.debug.wifi properties.
Change-Id: Iabd07e72aa5f0d97519a37d0ebb1e0a3458b6d06
2020-11-12 18:22:47 -08:00

21 lines
872 B
Text

type vendor_shell, domain;
type vendor_shell_exec, exec_type, vendor_file_type, file_type;
allow vendor_shell vendor_shell_exec:file rx_file_perms;
allow vendor_shell vendor_toolbox_exec:file rx_file_perms;
# Use fd from shell when vendor_shell is started from shell
allow vendor_shell shell:fd use;
# adbd: allow `adb shell /vendor/bin/sh` and `adb shell` then `/vendor/bin/sh`
allow vendor_shell adbd:fd use;
allow vendor_shell adbd:process sigchld;
allow vendor_shell adbd:unix_stream_socket { getattr ioctl read write };
allow vendor_shell devpts:chr_file rw_file_perms;
allow vendor_shell tty_device:chr_file rw_file_perms;
allow vendor_shell console_device:chr_file rw_file_perms;
allow vendor_shell input_device:dir r_dir_perms;
allow vendor_shell input_device:chr_file rw_file_perms;
userdebug_or_eng(`set_prop(vendor_shell, persist_vendor_debug_wifi_prop)')