Merge "adbd/shell: grant access to sepolicy for cts" into oc-dev

am: bab5872c Change-Id: I0341e66bd3a8fcbddf9daf7da84187430b5747d6

Merge "adbd/shell: grant access to sepolicy for cts" into oc-dev
2afd3383 · Jeff Vander Stoep · android-build-merger · 2ec492f1 · bab5872c · 2afd3383
Commit 2afd3383 authored 7 years ago by Jeff Vander Stoep Committed by android-build-merger 7 years ago
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -103,6 +103,8 @@ allow adbd kernel:security read_policy;
 allow adbd service_contexts_file:file r_file_perms;
 allow adbd file_contexts_file:file r_file_perms;
 allow adbd seapp_contexts_file:file r_file_perms;
+allow adbd property_contexts_file:file r_file_perms;
+allow adbd sepolicy_file:file r_file_perms;
 allow adbd surfaceflinger_service:service_manager find;
 allow adbd bootchart_data_file:dir search;

--- a/public/shell.te
+++ b/public/shell.te
@@ -147,6 +147,13 @@ allow shell proc:lnk_file getattr;
 #
 allow shell dev_type:blk_file getattr;
+# read selinux policy files
+allow shell file_contexts_file:file r_file_perms;
+allow shell property_contexts_file:file r_file_perms;
+allow shell seapp_contexts_file:file r_file_perms;
+allow shell service_contexts_file:file r_file_perms;
+allow shell sepolicy_file:file r_file_perms;
 ###
 ### Neverallow rules
 ###