debuggerd.te: allow debuggerd to drop root.
Bug: http://b/25195825 Change-Id: I70257d5e40332f315020547baaa77a92fdfc58b0
This commit is contained in:
parent
549ccf77e3
commit
2b93db7795
@ -4,17 +4,14 @@ type debuggerd_exec, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(debuggerd)
|
||||
typeattribute debuggerd mlstrustedsubject;
|
||||
allow debuggerd self:capability { dac_override sys_ptrace chown kill fowner };
|
||||
allow debuggerd self:capability { dac_override sys_ptrace chown kill fowner setuid setgid };
|
||||
allow debuggerd self:capability2 { syslog };
|
||||
allow debuggerd domain:dir r_dir_perms;
|
||||
allow debuggerd domain:file r_file_perms;
|
||||
allow debuggerd domain:lnk_file read;
|
||||
allow debuggerd { domain -init -ueventd -watchdogd -healthd -adbd -keystore }:process { ptrace getattr };
|
||||
security_access_policy(debuggerd)
|
||||
allow debuggerd system_data_file:dir create_dir_perms;
|
||||
allow debuggerd system_data_file:dir relabelfrom;
|
||||
allow debuggerd tombstone_data_file:dir relabelto;
|
||||
allow debuggerd tombstone_data_file:dir create_dir_perms;
|
||||
allow debuggerd tombstone_data_file:dir rw_dir_perms;
|
||||
allow debuggerd tombstone_data_file:file create_file_perms;
|
||||
allow debuggerd shared_relro_file:dir r_dir_perms;
|
||||
allow debuggerd shared_relro_file:file r_file_perms;
|
||||
|
Loading…
Reference in New Issue
Block a user