Allow the init process to execute the notify_traceur.sh script
This sets up an SELinux domain (notify_traceur) that can be started from init and has the permissions to run the activity manager (am) script. Bug: 116754134 Test: manual Change-Id: Ia371bafe5d3d354efdf8cd29365cd74ed3e5cdfd
parent
0cb6b7be10
commit
07cb0ded7b
@ -326,6 +326,7 @@
|
||||
/system/bin/apexd u:object_r:apexd_exec:s0
|
||||
/system/bin/gsid u:object_r:gsid_exec:s0
|
||||
/system/bin/simpleperf_app_runner u:object_r:simpleperf_app_runner_exec:s0
|
||||
/system/bin/notify_traceur\.sh u:object_r:notify_traceur_exec:s0
|
||||
|
||||
#############################
|
||||
# Vendor files
|
||||
|
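--- a/private/notify_traceur.te
+++ b/private/notify_traceur.te
@@ -0,0 +1,12 @@
+type notify_traceur, domain, coredomain;
+type notify_traceur_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(notify_traceur);
+binder_use(notify_traceur);
+
+# This is to execute am
+allow notify_traceur activity_service:service_manager find;
+allow notify_traceur shell_exec:file rx_file_perms;
+allow notify_traceur system_file:file rx_file_perms;
+
+binder_call(notify_traceur, system_server);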
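Review bot: The rule `allow notify_traceur system_file:file rx_file_perms;` is the widest grant in this new domain, and the single comment `# This is to execute am` does not say which of the three rules needs what. Since rx_file_perms includes execute_no_trans, the shell and any file labelled system_file run inside notify_traceur itself, with the binder access to system_server granted on the last line. I would document each rule on its own, for example `# notify_traceur.sh and am run under /system/bin/sh` above the shell_exec rule and `# am execs a system_file-labelled helper in-domain (no transition); narrow if that helper gets its own type` above the system_file rule; the second is my reading of how am works and should be confirmed against the denials seen in testing. It is also worth checking whether the domain really needs read as well as execute on all of system_file, or whether a tighter permission set covers the script.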
@ -195,6 +195,7 @@ binder_call(system_server, installd)
|
||||
binder_call(system_server, incidentd)
|
||||
binder_call(system_server, iorapd)
|
||||
binder_call(system_server, netd)
|
||||
binder_call(system_server, notify_traceur)
|
||||
binder_call(system_server, statsd)
|
||||
binder_call(system_server, storaged)
|
||||
binder_call(system_server, update_engine)
|
||||
|