am 9504a507: Allow ADB to interact extensively with system_data_files.

* commit '9504a507': Allow ADB to interact extensively with system_data_files.

am 9504a507: Allow ADB to interact extensively with system_data_files.
16203678 · gcondra@google.com · Android Git Automerger · a69beee7 · 9504a507 · 16203678
Commit 16203678 authored 12 years ago by gcondra@google.com Committed by Android Git Automerger 12 years ago
--- a/adbd.te
+++ b/adbd.te
@@ -31,6 +31,10 @@ domain_auto_trans(adbd, shell_exec, shell)
 # Do not sanitize the environment of the shell.
 allow adbd shell:process noatsecure;
+# XXX Mostly to access system properties and keys- maybe those should be their own type?
+allow adbd system_data_file:file create_file_perms;
+allow adbd system_data_file:dir create_dir_perms;
 # Perform binder IPC to surfaceflinger (screencap)
 # XXX Run screencap in a separate domain?
 binder_use(adbd)

--- a/system.te
+++ b/system.te
@@ -140,6 +140,7 @@ allow system urandom_device:chr_file rw_file_perms;
 allow system usbaccessory_device:chr_file rw_file_perms;
 allow system video_device:chr_file rw_file_perms;
 allow system qemu_device:chr_file rw_file_perms;
+allow system devpts:chr_file rw_file_perms;
 # tun device used for 3rd party vpn apps
 allow system tun_device:chr_file rw_file_perms;