1. seandroid
  2. Untitled project
  3. external/sepolicy

Commits

Stephen Smalley  committed 51f449e

Split init_shell into its own file to match AOSP.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

  • Participants
  • Parent commits 92d682e
  • Branches seandroid, seandroid-4.3 1
    1. seandroid-4.4

Comments (0)

Files changed (2)

File init_shell.te

View file
+# Domain for init-spawned shell processes (e.g. console service).
+type init_shell, domain, shelldomain, mlstrustedsubject;
+
+# Rules for init-spawned shells.
+binder_use(init_shell)
+binder_call(init_shell, system)
+
+# Inherits shelldomain rules from shell.te

File shell.te

View file
-# Type for /system/bin/sh and friends.
-type shell_exec, file_type, exec_type;
-
-# Domain for adb shell process.
+# Domain for shell processes spawned by ADB
 type shell, domain, shelldomain, mlstrustedsubject;
-
-# Domain for init-spawned shell processes (e.g. console service).
-type init_shell, domain, shelldomain, mlstrustedsubject;
+type shell_exec, file_type, exec_type;
 
 # Rules for adb shell.
 # Access /data/local/tmp.
 # XXX Split into its own domain?
 app_domain(shell)
 
-# Rules for init-spawned shells.
-binder_use(init_shell)
-binder_call(init_shell, system)
-
 # Rules for all shell domains.
 allow shelldomain rootfs:dir r_dir_perms;
 allow shelldomain devpts:chr_file rw_file_perms;