Add permissions back to app / shell domains

Allow directory reads to allow tab completion in rootfs to work.

"pm" is crashing due to failure to access /data/dalvik-cache. Add
back in the permissions from domain_deprecated.

Allow /sdcard to work again.

Bug: 25954400
Change-Id: I48cfa92fabfa47ed3007a63b85284659ba94ea73
Nick Kralevich 2015-12-01 16:28:28 -08:00
parent d618eb6f9c
commit 8ff6a86da5
2 changed files with 13 additions and 0 deletions

10
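--- a/app.te
+++ b/app.te
@@ -29,6 +29,16 @@ allow appdomain zygote:process sigchld;
 allow appdomain cgroup:dir { search write };
 allow appdomain cgroup:file w_file_perms;
+# Read /data/dalvik-cache.
+allow appdomain dalvikcache_data_file:dir { search getattr };
+allow appdomain dalvikcache_data_file:file r_file_perms;
+# Read the /sdcard symlink
+allow appdomain rootfs:lnk_file r_file_perms;
+# Search /storage/emulated tmpfs mount.
+allow appdomain tmpfs:dir r_dir_perms;
 userdebug_or_eng(`
 # Notify zygote of the wrapped process PID when using --invoke-with.
 allow appdomain zygote:fifo_file write;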
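Review bot: The rule under `# Search /storage/emulated tmpfs mount.` grants `r_dir_perms`, which in the AOSP macros includes `read` and `open` as well as `search`. Every domain carrying the `appdomain` attribute can therefore list any directory that has the generic `tmpfs` label, not just traverse it. If traversal is all that resolving /sdcard needs, `allow appdomain tmpfs:dir search;` would match the comment; otherwise the comment should say that listing is intended and why. Likewise, `rootfs:lnk_file r_file_perms` is wider than following a symlink requires, and `{ getattr read }` looks sufficient there. The surrounding policy continues outside the hunk, so whether a narrower rule already exists elsewhere in app.te cannot be seen from here.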


@ -25,6 +25,9 @@ userdebug_or_eng(`
allow shell adbd:fd use; allow shell adbd:fd use;
allow shell adbd:unix_stream_socket { read write ioctl getattr }; allow shell adbd:unix_stream_socket { read write ioctl getattr };
# Root fs.
allow shell rootfs:dir r_dir_perms;
# read files in /data/anr # read files in /data/anr
allow shell anr_data_file:dir r_dir_perms; allow shell anr_data_file:dir r_dir_perms;
allow shell anr_data_file:file r_file_perms; allow shell anr_data_file:file r_file_perms;
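Review bot: The added comment `# Root fs.` names the target but not the reason for `allow shell rootfs:dir r_dir_perms;`. The commit message gives that reason (tab completion), and the policy file should carry it, e.g. `# Allow listing rootfs directories so tab completion works in adb shell.`. The hunk header names `userdebug_or_eng(` as context, but the hunk does not show whether that block is already closed. It would help to state in the comment whether the rule is meant to apply on user builds too, since the shell domain is reachable over adb.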