Allow shell domain to use system_server_service.

Shell domain needs to be able to access system_server_services, e.g. when running the pm command. Addresses the following denials: 10-07 00:59:26.901 178 178 E SELinux : avc: denied { find } for service=user scontext=u:r:shell:s0 tcontext=u:object_r:system_server_service:s0 tclass=service_manager 10-07 00:59:26.903 178 178 E SELinux : avc: denied { find } for service=package scontext=u:r:shell:s0 tcontext=u:object_r:system_server_service:s0 tclass=service_manager Change-Id: I4cc2f31809a2615ba781e2ecfe2ca7d6f5226b73

Allow shell domain to use system_server_service.
403d8fee · dcashman · cd82557d · 403d8fee
Commit 403d8fee authored 10 years ago by dcashman
--- a/shell.te
+++ b/shell.te
@@ -44,6 +44,8 @@ allow shell ctl_dumpstate_prop:property_service set;
 allow shell debug_prop:property_service set;
 allow shell powerctl_prop:property_service set;

+allow shell system_server_service:service_manager find;
+
 # systrace support - allow atrace to run
 # debugfs doesn't support labeling individual files, so we have
 # to grant read access to all of /sys/kernel/debug.