From 15a1e0d41a644a283a1b71e8807b5c64da879659 Mon Sep 17 00:00:00 2001
From: Felipe Leme <felipeal@google.com>
Date: Wed, 2 Dec 2015 12:12:09 -0800
Subject: [PATCH] Explicitly added permissions that were previously granted
 through domain_deprecated.

BUG: 25965160
Change-Id: I586d082ef5fe49079cb0c4056f8e7b34fae48c03
---
 shell.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/shell.te b/shell.te
index a02fbd00f..a8089d6fb 100644
--- a/shell.te
+++ b/shell.te
@@ -71,6 +71,7 @@ set_prop(shell, powerctl_prop)
 # Directory read access and file write access is already granted
 # in domain.te.
 allow shell debugfs:file r_file_perms;
+allow shell debugfs:dir search;
 allow shell atrace_exec:file rx_file_perms;
 
 userdebug_or_eng(`
@@ -113,3 +114,6 @@ allow shell self:process ptrace;
 # bugs, so we want to ensure the shell user never has this
 # capability.
 neverallow shell file_type:file link;
+
+# Allow access to ion memory allocation device.
+allow shell ion_device:chr_file { open read };
-- 
GitLab