d99e6d5fa1
Also make su and shell permissive in non-user builds to allow use of setenforce without violating the neverallow rule. Change-Id: Ie76ee04e90d5a76dfaa5f56e9e3eb7e283328a3f Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
11 lines
267 B
Text
11 lines
267 B
Text
# Domain for shell processes spawned by ADB
|
|
type shell, domain;
|
|
type shell_exec, exec_type, file_type;
|
|
unconfined_domain(shell)
|
|
|
|
# Run app_process.
|
|
# XXX Split into its own domain?
|
|
app_domain(shell)
|
|
|
|
# shell is also permissive to permit setenforce.
|
|
permissive shell;
|