From ad22e86740132ba0541506edebb7a6c1da70017b Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Thu, 3 Dec 2015 13:28:14 -0800
Subject: [PATCH] shell.te: allow pulling the currently running SELinux policy

Allow pulling the currently running SELinux policy for CTS.

Change-Id: I82ec03724a8e5773b3b693c4f39cc7b5c3ae4516
---
 shell.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/shell.te b/shell.te
index a8089d6fb..e0c318fc1 100644
--- a/shell.te
+++ b/shell.te
@@ -98,6 +98,10 @@ allow shell domain:{ file lnk_file } { open read getattr };
 # allow shell to read /proc/pid/attr/current for ps -Z
 allow shell domain:process getattr;
 
+# Allow pulling the SELinux policy for CTS purposes
+allow shell selinuxfs:dir r_dir_perms;
+allow shell selinuxfs:file r_file_perms;
+
 # enable shell domain to read/write files/dirs for bootchart data
 # User will creates the start and stop file via adb shell
 # and read other files created by init process under /data/bootchart
-- 
GitLab