2014-02-21 10:45:29 -08:00
|
|
|
# Domain for shell processes spawned by ADB or console service.
|
2015-11-27 19:18:17 -08:00
|
|
|
type shell, domain, mlstrustedsubject;
|
2013-09-27 07:38:14 -07:00
|
|
|
type shell_exec, exec_type, file_type;
|
2012-01-04 09:33:27 -08:00
|
|
|
|
2014-01-07 09:47:10 -08:00
|
|
|
# Create and use network sockets.
|
|
|
|
net_domain(shell)
|
|
|
|
|
2012-01-04 09:33:27 -08:00
|
|
|
# Run app_process.
|
2013-10-23 10:25:53 -07:00
|
|
|
# XXX Transition into its own domain?
|
2012-01-04 09:33:27 -08:00
|
|
|
app_domain(shell)
|
2013-12-02 11:18:11 -08:00
|
|
|
|
2014-12-15 12:01:35 -08:00
|
|
|
# logcat
|
2014-03-17 13:00:38 -07:00
|
|
|
read_logd(shell)
|
|
|
|
control_logd(shell)
|
2014-12-15 12:01:35 -08:00
|
|
|
# logcat -L (directly, or via dumpstate)
|
|
|
|
allow shell pstorefs:dir search;
|
|
|
|
allow shell pstorefs:file r_file_perms;
|
2015-05-26 15:12:45 -07:00
|
|
|
# logpersistd (nee logcatd) files
|
2015-09-21 16:22:21 -07:00
|
|
|
userdebug_or_eng(`
|
|
|
|
allow shell misc_logd_file:dir r_dir_perms;
|
|
|
|
allow shell misc_logd_file:file r_file_perms;
|
|
|
|
')
|
2014-03-17 13:00:38 -07:00
|
|
|
|
2015-11-27 19:18:17 -08:00
|
|
|
# interact with adb
|
|
|
|
allow shell adbd:fd use;
|
|
|
|
allow shell adbd:unix_stream_socket { read write ioctl getattr };
|
|
|
|
|
2015-12-01 16:28:28 -08:00
|
|
|
# Root fs.
|
|
|
|
allow shell rootfs:dir r_dir_perms;
|
|
|
|
|
2014-06-05 13:27:44 -07:00
|
|
|
# read files in /data/anr
|
|
|
|
allow shell anr_data_file:dir r_dir_perms;
|
|
|
|
allow shell anr_data_file:file r_file_perms;
|
|
|
|
|
2014-06-11 04:10:09 -07:00
|
|
|
# Access /data/local/tmp.
|
|
|
|
allow shell shell_data_file:dir create_dir_perms;
|
|
|
|
allow shell shell_data_file:file create_file_perms;
|
|
|
|
allow shell shell_data_file:file rx_file_perms;
|
2014-12-09 23:49:31 -08:00
|
|
|
allow shell shell_data_file:lnk_file create_file_perms;
|
2014-06-11 04:10:09 -07:00
|
|
|
|
2015-10-28 16:45:58 -07:00
|
|
|
# Read/execute files in /data/nativetest
|
|
|
|
userdebug_or_eng(`
|
|
|
|
allow shell nativetest_data_file:dir r_dir_perms;
|
|
|
|
allow shell nativetest_data_file:file rx_file_perms;
|
|
|
|
')
|
|
|
|
|
2014-06-11 04:10:09 -07:00
|
|
|
# adb bugreport
|
|
|
|
unix_socket_connect(shell, dumpstate, dumpstate)
|
|
|
|
|
|
|
|
allow shell devpts:chr_file rw_file_perms;
|
|
|
|
allow shell tty_device:chr_file rw_file_perms;
|
|
|
|
allow shell console_device:chr_file rw_file_perms;
|
2014-06-11 09:09:15 -07:00
|
|
|
allow shell input_device:dir r_dir_perms;
|
2014-06-11 04:10:09 -07:00
|
|
|
allow shell input_device:chr_file rw_file_perms;
|
2015-12-04 09:05:02 -08:00
|
|
|
r_dir_file(shell, system_file)
|
2014-06-11 04:10:09 -07:00
|
|
|
allow shell system_file:file x_file_perms;
|
2015-08-25 08:38:29 -07:00
|
|
|
allow shell toolbox_exec:file rx_file_perms;
|
2014-06-11 04:10:09 -07:00
|
|
|
allow shell shell_exec:file rx_file_perms;
|
|
|
|
allow shell zygote_exec:file rx_file_perms;
|
|
|
|
|
|
|
|
r_dir_file(shell, apk_data_file)
|
|
|
|
|
|
|
|
# Set properties.
|
2015-05-04 18:22:45 -07:00
|
|
|
set_prop(shell, shell_prop)
|
2015-12-01 18:03:05 -08:00
|
|
|
set_prop(shell, ctl_bugreport_prop)
|
2015-05-04 18:22:45 -07:00
|
|
|
set_prop(shell, ctl_dumpstate_prop)
|
2015-12-01 18:03:05 -08:00
|
|
|
set_prop(shell, dumpstate_prop)
|
2015-05-04 18:22:45 -07:00
|
|
|
set_prop(shell, debug_prop)
|
|
|
|
set_prop(shell, powerctl_prop)
|
2014-06-11 04:10:09 -07:00
|
|
|
|
|
|
|
# systrace support - allow atrace to run
|
2015-12-14 13:57:26 -08:00
|
|
|
allow shell debugfs_tracing:dir r_dir_perms;
|
|
|
|
allow shell debugfs_tracing:file rw_file_perms;
|
2015-12-16 12:50:06 -08:00
|
|
|
allow shell debugfs_trace_marker:file getattr;
|
2015-06-23 23:24:17 -07:00
|
|
|
allow shell atrace_exec:file rx_file_perms;
|
|
|
|
|
|
|
|
userdebug_or_eng(`
|
|
|
|
# "systrace --boot" support - allow boottrace service to run
|
|
|
|
allow shell boottrace_data_file:dir rw_dir_perms;
|
|
|
|
allow shell boottrace_data_file:file create_file_perms;
|
|
|
|
set_prop(shell, persist_debug_prop)
|
|
|
|
')
|
2014-06-11 04:10:09 -07:00
|
|
|
|
|
|
|
# allow shell to run dmesg
|
|
|
|
allow shell kernel:system syslog_read;
|
2014-12-30 15:21:50 -08:00
|
|
|
|
2015-01-23 15:55:42 -08:00
|
|
|
# allow shell access to services
|
2014-12-30 15:21:50 -08:00
|
|
|
allow shell servicemanager:service_manager list;
|
2015-04-03 16:46:33 -07:00
|
|
|
# don't allow shell to access GateKeeper service
|
|
|
|
allow shell { service_manager_type -gatekeeper_service }:service_manager find;
|
2015-01-16 13:39:59 -08:00
|
|
|
|
2015-12-08 07:07:42 -08:00
|
|
|
# allow shell to look through /proc/ for ps, top, netstat
|
2015-11-27 19:18:17 -08:00
|
|
|
r_dir_file(shell, proc)
|
2015-12-08 07:07:42 -08:00
|
|
|
r_dir_file(shell, proc_net)
|
2015-11-27 19:18:17 -08:00
|
|
|
r_dir_file(shell, cgroup)
|
2015-01-16 13:39:59 -08:00
|
|
|
allow shell domain:dir { search open read getattr };
|
|
|
|
allow shell domain:{ file lnk_file } { open read getattr };
|
2014-12-04 21:40:22 -08:00
|
|
|
|
2015-03-16 08:43:22 -07:00
|
|
|
# allow shell to read /proc/pid/attr/current for ps -Z
|
|
|
|
allow shell domain:process getattr;
|
|
|
|
|
2015-12-03 13:28:14 -08:00
|
|
|
# Allow pulling the SELinux policy for CTS purposes
|
|
|
|
allow shell selinuxfs:dir r_dir_perms;
|
|
|
|
allow shell selinuxfs:file r_file_perms;
|
|
|
|
|
2014-12-04 21:40:22 -08:00
|
|
|
# enable shell domain to read/write files/dirs for bootchart data
|
|
|
|
# User will creates the start and stop file via adb shell
|
|
|
|
# and read other files created by init process under /data/bootchart
|
|
|
|
allow shell bootchart_data_file:dir rw_dir_perms;
|
|
|
|
allow shell bootchart_data_file:file create_file_perms;
|
2015-04-16 08:43:10 -07:00
|
|
|
|
2015-10-15 13:35:01 -07:00
|
|
|
# Make sure strace works for the non-privileged shell user
|
|
|
|
allow shell self:process ptrace;
|
|
|
|
|
2015-04-16 08:43:10 -07:00
|
|
|
# Do not allow shell to hard link to any files.
|
|
|
|
# In particular, if shell hard links to app data
|
|
|
|
# files, installd will not be able to guarantee the deletion
|
|
|
|
# of the linked to file. Hard links also contribute to security
|
|
|
|
# bugs, so we want to ensure the shell user never has this
|
|
|
|
# capability.
|
|
|
|
neverallow shell file_type:file link;
|
2015-12-02 12:12:09 -08:00
|
|
|
|
|
|
|
# Allow access to ion memory allocation device.
|
2015-12-08 09:05:12 -08:00
|
|
|
allow shell ion_device:chr_file rw_file_perms;
|