Address adb backup/restore denials.

Resolves the following denials seen during an adb backup and restore sequence. <5>[ 90.247039] type=1400 audit(1388759567.693:16): avc: denied { getopt } for pid=3503 comm="Thread-149" scontext=u:r:system_server:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket <5>[ 90.249176] type=1400 audit(1388759567.703:17): avc: denied { getopt } for pid=2334 comm="app_process" scontext=u:r:shell:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket Change-Id: I1f6f90f29eecc32ee692764b04b812988f099cde Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Address adb backup/restore denials.
c4021ceb · Stephen Smalley · aef19ebf · c4021ceb
Commit c4021ceb authored 11 years ago by Stephen Smalley
--- a/domain.te
+++ b/domain.te
@@ -23,9 +23,10 @@ allow domain init:fd use;
 allow domain system_server:fd use;

 # Connect to adbd and use a socket transferred from it.
+# This is used for e.g. adb backup/restore.
 allow domain adbd:unix_stream_socket connectto;
 allow domain adbd:fd use;
-allow domain adbd:unix_stream_socket { getattr read write shutdown };
+allow domain adbd:unix_stream_socket { getattr getopt read write shutdown };

 ###
 ### Talk to debuggerd.