07cb0ded7b
This sets up a selinux domain (notify_traceur) that can be called from init and has the permissions to run the activitymanager script. Bug: 116754134 Test: manual Change-Id: Ia371bafe5d3d354efdf8cd29365cd74ed3e5cdfd
13 lines
407 B
Plaintext
13 lines
407 B
Plaintext
type notify_traceur, domain, coredomain;
|
|
type notify_traceur_exec, system_file_type, exec_type, file_type;
|
|
|
|
init_daemon_domain(notify_traceur);
|
|
binder_use(notify_traceur);
|
|
|
|
# This is to execute am
|
|
allow notify_traceur activity_service:service_manager find;
|
|
allow notify_traceur shell_exec:file rx_file_perms;
|
|
allow notify_traceur system_file:file rx_file_perms;
|
|
|
|
binder_call(notify_traceur, system_server);
|