75806ef3c5
Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.
Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
<(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12
18 lines
780 B
Text
18 lines
780 B
Text
allow vendor_shell vendor_shell_exec:file rx_file_perms;
|
|
allow vendor_shell vendor_toolbox_exec:file rx_file_perms;
|
|
|
|
# Use fd from shell when vendor_shell is started from shell
|
|
allow vendor_shell shell:fd use;
|
|
|
|
# adbd: allow `adb shell /vendor/bin/sh` and `adb shell` then `/vendor/bin/sh`
|
|
allow vendor_shell adbd:fd use;
|
|
allow vendor_shell adbd:process sigchld;
|
|
allow vendor_shell adbd:unix_stream_socket { getattr ioctl read write };
|
|
|
|
allow vendor_shell devpts:chr_file rw_file_perms;
|
|
allow vendor_shell tty_device:chr_file rw_file_perms;
|
|
allow vendor_shell console_device:chr_file rw_file_perms;
|
|
allow vendor_shell input_device:dir r_dir_perms;
|
|
allow vendor_shell input_device:chr_file rw_file_perms;
|
|
|
|
userdebug_or_eng(`set_prop(vendor_shell, persist_vendor_debug_wifi_prop)')
|