PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enable selinux read_policy for adb pull.

Browse Source 
Remove permission from appdomain.

(cherry picked from commit 309cc668f9)

Bug: 16866291

Change-Id: I37936fed33c337e1ab2816258c2aff52700af116
This commit is contained in:
dcashman 2014-09-09 11:38:42 -07:00 committed by Nick Kralevich
parent 9ac7df2280
commit 3e6da1472f
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
adbd.te
View File

@ -69,6 +69,8 @@ allow adbd appdomain:unix_stream_socket connectto;
allow adbd zygote_exec:file r_file_perms; allow adbd zygote_exec:file r_file_perms;
allow adbd system_file:file r_file_perms; allow adbd system_file:file r_file_perms;
allow adbd kernel:security read_policy;
service_manager_local_audit_domain(adbd) service_manager_local_audit_domain(adbd)
auditallow adbd { auditallow adbd {
service_manager_type service_manager_type

2
app.te
View File

@ -166,8 +166,6 @@ allow appdomain runas_exec:file getattr;
# Check SELinux policy and contexts. # Check SELinux policy and contexts.
selinux_check_access(appdomain) selinux_check_access(appdomain)
selinux_check_context(appdomain) selinux_check_context(appdomain)
# Enable reading of current selinux policy file
allow appdomain kernel:security read_policy;
# Validate that each process is running in the correct security context. # Validate that each process is running in the correct security context.
allow appdomain domain:process getattr; allow appdomain domain:process getattr;