Skip to content
Snippets Groups Projects
Commit 29b9532a authored by Nick Kralevich's avatar Nick Kralevich
Browse files

shell.te: Allow read access to system_file

Certain tests depend on the ability to examine directories
in /system. Allow it to the shell user.

Addresses the following denials:

  avc: denied { read } for name="egl" dev="dm-1" ino=104 scontext=u:r:shell:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0

Bug: 26020967
Bug: 26023420
Change-Id: I509d921e159e99164c85fae9e8b2982a47573d14
parent 98c3f997
No related branches found
No related tags found
No related merge requests found
...@@ -52,6 +52,7 @@ allow shell tty_device:chr_file rw_file_perms; ...@@ -52,6 +52,7 @@ allow shell tty_device:chr_file rw_file_perms;
allow shell console_device:chr_file rw_file_perms; allow shell console_device:chr_file rw_file_perms;
allow shell input_device:dir r_dir_perms; allow shell input_device:dir r_dir_perms;
allow shell input_device:chr_file rw_file_perms; allow shell input_device:chr_file rw_file_perms;
r_dir_file(shell, system_file)
allow shell system_file:file x_file_perms; allow shell system_file:file x_file_perms;
allow shell toolbox_exec:file rx_file_perms; allow shell toolbox_exec:file rx_file_perms;
allow shell shell_exec:file rx_file_perms; allow shell shell_exec:file rx_file_perms;
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment