From cfd9b6ba0bfdd7dc1319b3ca3c527518f4167658 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Thu, 4 Apr 2013 11:39:33 -0400
Subject: [PATCH] Allow apps to execute the shell or system commands
 unconditionally.

Change-Id: I54af993bd478d6b8d0462d43950bb1a991131c82
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 app.te | 4 ++++
 cts.te | 4 ----
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/app.te b/app.te
index 8d84e590b..eaca76c7d 100644
--- a/app.te
+++ b/app.te
@@ -132,6 +132,10 @@ allow appdomain platform_app_data_file:file { getattr read write };
 allow appdomain system_data_file:dir r_dir_perms;
 allow appdomain system_data_file:file { execute open };
 
+# Execute the shell or other system executables.
+allow appdomain shell_exec:file rx_file_perms;
+allow appdomain system_file:file rx_file_perms;
+
 # Read/write wallpaper file (opened by system).
 allow appdomain wallpaper_file:file { read write };
 
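Review bot: The comment above the two added rules in app.te does not record that the grant now applies to every domain carrying the `appdomain` attribute, nor that the executed binary keeps the caller's domain. Assuming `rx_file_perms` expands as usual to include `execute_no_trans`, a shell or system executable started by an app stays confined by that app's own policy, and that is the property a later reader needs to know the rule relies on. I would extend the comment along the lines of `# Execute the shell or other system executables without a domain transition;` `# the child stays in the calling app's domain. Granted to all of appdomain: <rationale>.`, with the actual reason for dropping the cts.te condition filled in. Whether any more tightly confined member of `appdomain` should be excluded through a narrower source type cannot be judged from this hunk and is worth confirming against the attribute's membership.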
diff --git a/cts.te b/cts.te
index 3371410d6..3a414788f 100644
--- a/cts.te
+++ b/cts.te
@@ -23,10 +23,6 @@ allow appdomain file_type:dir_file_class_set getattr;
 allow appdomain dev_type:dir_file_class_set getattr;
 allow appdomain fs_type:dir_file_class_set getattr;
 
-# Execute the shell or other system executables.
-allow appdomain shell_exec:file rx_file_perms;
-allow appdomain system_file:file rx_file_perms;
-
 # Accesses to apk_tmp_file and shell_data_file
 allow appdomain apk_tmp_file:file rw_file_perms;
 allow appdomain shell_data_file:file r_file_perms;
-- 
GitLab