Skip to content
Snippets Groups Projects
Select Git revision
  • d9128a45c656724a5152ad52c11feeb05f867953
  • master default protected
  • android-7.1.2_r28_klist
  • pie-cts-release
  • pie-vts-release
  • pie-cts-dev
  • oreo-mr1-iot-release
  • sdk-release
  • oreo-m6-s4-release
  • oreo-m4-s12-release
  • pie-release
  • pie-r2-release
  • pie-r2-s1-release
  • oreo-vts-release
  • oreo-cts-release
  • oreo-dev
  • oreo-mr1-dev
  • pie-gsi
  • pie-platform-release
  • pie-dev
  • oreo-cts-dev
  • android-o-mr1-iot-release-1.0.4
  • android-9.0.0_r8
  • android-9.0.0_r7
  • android-9.0.0_r6
  • android-9.0.0_r5
  • android-8.1.0_r46
  • android-8.1.0_r45
  • android-n-iot-release-smart-display-r2
  • android-vts-8.1_r5
  • android-cts-8.1_r8
  • android-cts-8.0_r12
  • android-cts-7.1_r20
  • android-cts-7.0_r24
  • android-o-mr1-iot-release-1.0.3
  • android-cts-9.0_r1
  • android-8.1.0_r43
  • android-8.1.0_r42
  • android-n-iot-release-smart-display
  • android-p-preview-5
  • android-9.0.0_r3
41 results

te_macros

Blame
    • Mark Salyzyn's avatar
      61d665af
      logd: allow access to system files · 61d665af
      Mark Salyzyn authored
      - allow access for /data/system/packages.xml.
      - deprecate access to /dev/logd_debug (can use /dev/kmsg for debugging)
      - allow access to /dev/socket/logd for 'logd --reinit'
      
      Bug: 19681572
      Change-Id: Iac57fff1aabc3b061ad2cc27969017797f8bef54
      61d665af
      History
      logd: allow access to system files
      Mark Salyzyn authored
      - allow access for /data/system/packages.xml.
      - deprecate access to /dev/logd_debug (can use /dev/kmsg for debugging)
      - allow access to /dev/socket/logd for 'logd --reinit'
      
      Bug: 19681572
      Change-Id: Iac57fff1aabc3b061ad2cc27969017797f8bef54
    runas.te 913 B
    type runas, domain, mlstrustedsubject;
    type runas_exec, exec_type, file_type;
    
    # ndk-gdb invokes adb shell run-as.
    domain_auto_trans(shell, runas_exec, runas)
    allow runas adbd:process sigchld;
    allow runas shell:fd use;
    allow runas shell:fifo_file { read write };
    allow runas devpts:chr_file { read write ioctl };
    
    # run-as reads package information.
    allow runas system_data_file:file r_file_perms;
    
    # run-as checks and changes to the app data dir.
    dontaudit runas self:capability dac_override;
    allow runas app_data_file:dir { getattr search };
    
    # run-as switches to the app UID/GID.
    allow runas self:capability { setuid setgid };
    
    # run-as switches to the app security context.
    # read /seapp_contexts and /data/security/seapp_contexts
    security_access_policy(runas)
    selinux_check_context(runas) # validate context
    allow runas self:process setcurrent;
    allow runas non_system_app_set:process dyntransition; # setcon