c99fde9178
In Android, adb root is disabled at build-time by not compiling sepolicies which allows adbd to run in the `su` domain. However in Microdroid, adb root should be supported even on user builds because fully-debuggable VMs can be started and adb root is expected there. Note that adb root is still not supported in non-debuggable VMs by not starting it at all. This change removes `userdebug_or_end` conditions from the policies for adb root. In addition, the `su` domain where adbd runs when rooted is explicitly marked as a permissive domain allowed. Bug: 259729287 Test: build a user variant, run fully debuggable microdroid VM. adb root works there. Test: run non-debuggable microdroid VM. adb shell (not even adb root) doesn't work. Change-Id: I8bb40b7472dcda6619a587e832e22d3cb290c6b9
4 lines
91 B
Text
4 lines
91 B
Text
typeattribute su coredomain;
|
|
|
|
# su is also permissive to permit setenforce.
|
|
permissive su;
|