Enable selinux read_policy for adb pull.
Remove permission from appdomain.
(cherry picked from commit 309cc668f9
)
Bug: 16866291
Change-Id: I37936fed33c337e1ab2816258c2aff52700af116
This commit is contained in:
parent
9ac7df2280
commit
3e6da1472f
2
adbd.te
2
adbd.te
@ -69,6 +69,8 @@ allow adbd appdomain:unix_stream_socket connectto;
|
|||||||
allow adbd zygote_exec:file r_file_perms;
|
allow adbd zygote_exec:file r_file_perms;
|
||||||
allow adbd system_file:file r_file_perms;
|
allow adbd system_file:file r_file_perms;
|
||||||
|
|
||||||
|
allow adbd kernel:security read_policy;
|
||||||
|
|
||||||
service_manager_local_audit_domain(adbd)
|
service_manager_local_audit_domain(adbd)
|
||||||
auditallow adbd {
|
auditallow adbd {
|
||||||
service_manager_type
|
service_manager_type
|
||||||
|
2
app.te
2
app.te
@ -166,8 +166,6 @@ allow appdomain runas_exec:file getattr;
|
|||||||
# Check SELinux policy and contexts.
|
# Check SELinux policy and contexts.
|
||||||
selinux_check_access(appdomain)
|
selinux_check_access(appdomain)
|
||||||
selinux_check_context(appdomain)
|
selinux_check_context(appdomain)
|
||||||
# Enable reading of current selinux policy file
|
|
||||||
allow appdomain kernel:security read_policy;
|
|
||||||
# Validate that each process is running in the correct security context.
|
# Validate that each process is running in the correct security context.
|
||||||
allow appdomain domain:process getattr;
|
allow appdomain domain:process getattr;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user