PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge changes Icb6ea6ce,I89b546c7

Browse Source 
am: 4bd0c6fcc3

Change-Id: Iacb037f79b4af9c2024fbb54484205b0bc2753c9
This commit is contained in:
Jeff Vander Stoep 2017-10-20 22:13:42 +00:00 committed by android-build-merger
commit bf5a4b71e7
2 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
public/dumpstate.te
View File

@ -151,6 +151,7 @@ control_logd(dumpstate)
read_runtime_log_tags(dumpstate)
# Read files in /proc
allow dumpstate proc_cmdline:file r_file_perms;
allow dumpstate proc_meminfo:file r_file_perms;
allow dumpstate proc_net:file r_file_perms;
allow dumpstate proc_pagetypeinfo:file r_file_perms;
@ -198,6 +199,16 @@ allow dumpstate {
-vold_service
-vr_hwc_service
}:service_manager find;
# suppress denials for services dumpstate should not be accessing.
dontaudit dumpstate {
dumpstate_service
gatekeeper_service
incident_service
virtual_touchpad_service
vold_service
vr_hwc_service
}:service_manager find;
allow dumpstate servicemanager:service_manager list;
allow dumpstate hwservicemanager:hwservice_manager list;

3
public/shell.te
View File

@ -106,12 +106,13 @@ allow shell dumpstate:binder call;
hwbinder_use(shell)
allow shell hwservicemanager:hwservice_manager list;
# allow shell to look through /proc/ for ps, top, netstat
# allow shell to look through /proc/ for lsmod, ps, top, netstat.
r_dir_file(shell, proc)
r_dir_file(shell, proc_net)
allow shell proc_filesystems:file r_file_perms;
allow shell proc_interrupts:file r_file_perms;
allow shell proc_meminfo:file r_file_perms;
allow shell proc_modules:file r_file_perms;
allow shell proc_stat:file r_file_perms;
allow shell proc_timer:file r_file_perms;
allow shell proc_zoneinfo:file r_file_perms;