25ab737cb7
While searching the policy I came across some ancient TODOs, which can now be done. Bug: 186396070 Test: atest MicrodroidTests MicrodroidHostTests Test: Manually run vm_shell start-microdroid Change-Id: I21b9f992394b637399cc074dca8339e3167cf5af
34 lines
1.1 KiB
Text
34 lines
1.1 KiB
Text
typeattribute shell coredomain;
|
|
|
|
# Perform SELinux access checks, needed for CTS
|
|
selinux_check_access(shell)
|
|
selinux_check_context(shell)
|
|
|
|
# Allow shell to run adb shell cmd stats commands. Needed for CTS.
|
|
binder_call(shell, statsd);
|
|
|
|
# Connect to adbd and use a socket transferred from it.
|
|
# This is used for e.g. adb backup/restore.
|
|
allow shell adbd:unix_stream_socket connectto;
|
|
allow shell adbd:fd use;
|
|
allow shell adbd:unix_stream_socket { getattr getopt ioctl read write shutdown };
|
|
|
|
# filesystem test for insecure chr_file's is done
|
|
# via a host side test
|
|
allow shell dev_type:dir r_dir_perms;
|
|
allow shell dev_type:chr_file getattr;
|
|
|
|
# filesystem test for insucre blk_file's is done
|
|
# via hostside test
|
|
allow shell dev_type:blk_file getattr;
|
|
|
|
# Test tool automatically tries to access /sys/class/power_supply.
|
|
# Suppressing it as we don't need power_supply in microdroid.
|
|
dontaudit shell sysfs:dir r_dir_perms;
|
|
|
|
# Test tool tries to read various service status properties.
|
|
get_prop(shell, boot_status_prop)
|
|
get_prop(shell, init_service_status_prop)
|
|
get_prop(shell, init_service_status_private_prop)
|
|
|
|
set_prop(shell, log_tag_prop)
|