Skip to content
Snippets Groups Projects
Commit 87fa2640 authored by Nick Kralevich's avatar Nick Kralevich Committed by Android Git Automerger
Browse files

am f821b5a7: allow shell dmesg 

* commit 'f821b5a7':
  allow shell dmesg
parents 8e215cf4 f821b5a7
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
app.te
+ 3
1
View file @ 87fa2640
...@@ -318,7 +318,9 @@ neverallow { appdomain -unconfineddomain } ...@@ -318,7 +318,9 @@ neverallow { appdomain -unconfineddomain }
# Access to syslog(2) or /proc/kmsg. # Access to syslog(2) or /proc/kmsg.
neverallow { appdomain -system_app -unconfineddomain } neverallow { appdomain -system_app -unconfineddomain }
kernel:system { syslog_read syslog_mod syslog_console }; kernel:system { syslog_mod syslog_console };
neverallow { appdomain -system_app -unconfineddomain -shelldomain }
kernel:system syslog_read;
# Ability to perform any filesystem operation other than statfs(2). # Ability to perform any filesystem operation other than statfs(2).
# i.e. no mount(2), unmount(2), etc. # i.e. no mount(2), unmount(2), etc.
......
shelldomain.te
+ 3
0
View file @ 87fa2640
...@@ -32,3 +32,6 @@ allow shelldomain powerctl_prop:property_service set; ...@@ -32,3 +32,6 @@ allow shelldomain powerctl_prop:property_service set;
# Directory read access and file write access is already granted # Directory read access and file write access is already granted
# in domain.te. # in domain.te.
allow shelldomain debugfs:file r_file_perms; allow shelldomain debugfs:file r_file_perms;
# allow shell to run dmesg
allow shelldomain kernel:system syslog_read;
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment