a62b3ff58a
... and shell to get the same property for testing. Bug: 230774156 Test: atest MicrodroidTestCase Change-Id: Iaf04072c2b394d44ef1253fd048d5ccf757a8b89
42 lines
1.4 KiB
Text
42 lines
1.4 KiB
Text
typeattribute shell coredomain;
|
|
|
|
# allow shell input injection
|
|
allow shell uhid_device:chr_file rw_file_perms;
|
|
|
|
# Perform SELinux access checks, needed for CTS
|
|
selinux_check_access(shell)
|
|
selinux_check_context(shell)
|
|
|
|
# Allow shell to run adb shell cmd stats commands. Needed for CTS.
|
|
binder_call(shell, statsd);
|
|
|
|
# Allow shell to launch microdroid_launcher in its own domain
|
|
# TODO(b/186396070) remove this when microdroid_manager can do this
|
|
domain_auto_trans(shell, microdroid_app_exec, microdroid_app)
|
|
domain_auto_trans(shell, microdroid_manager_exec, microdroid_manager)
|
|
|
|
# Connect to adbd and use a socket transferred from it.
|
|
# This is used for e.g. adb backup/restore.
|
|
allow shell adbd:unix_stream_socket connectto;
|
|
allow shell adbd:fd use;
|
|
allow shell adbd:unix_stream_socket { getattr getopt ioctl read write shutdown };
|
|
|
|
# filesystem test for insecure chr_file's is done
|
|
# via a host side test
|
|
allow shell dev_type:dir r_dir_perms;
|
|
allow shell dev_type:chr_file getattr;
|
|
|
|
# filesystem test for insucre blk_file's is done
|
|
# via hostside test
|
|
allow shell dev_type:blk_file getattr;
|
|
|
|
# Test tool automatically tries to access /sys/class/power_supply.
|
|
# Suppressing it as we don't need power_supply in microdroid.
|
|
dontaudit shell sysfs:dir r_dir_perms;
|
|
|
|
# Test tool tries to read various service status properties.
|
|
get_prop(shell, boot_status_prop)
|
|
get_prop(shell, init_service_status_prop)
|
|
get_prop(shell, init_service_status_private_prop)
|
|
|
|
set_prop(shell, log_tag_prop)
|