diff options
author | Nick Kralevich <nnk@google.com> | 2013-07-15 11:41:24 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2013-07-15 12:31:31 -0700 |
commit | 5919d1c86a2a1fea52f840ab30709048bd63f1f5 (patch) | |
tree | 8ec97426e49fe8814e6e9f5719cf2f42f2583f63 | |
parent | 748fdef626d1dda2a0a727ea35d85d04363f5307 (diff) | |
download | sepolicy-5919d1c86a2a1fea52f840ab30709048bd63f1f5.tar.gz |
domain.te: Temporarily work around debuggerd connection bug
For some reason, the debuggerd socket isn't getting properly
labeled. Work around this bug for now by allowing all domains
to connect to all unix stream sockets.
Bug: 9858255
Change-Id: If994e51b0201ea8cae46341efc76dc71a4e577c8
-rw-r--r-- | domain.te | 7 |
1 files changed, 6 insertions, 1 deletions
@@ -30,9 +30,14 @@ allow domain adbd:unix_stream_socket connectto; allow domain adbd:fd use; allow domain adbd:unix_stream_socket { getattr read write shutdown }; -# Talk to debuggerd. +### +### Talk to debuggerd. +### allow domain debuggerd:process sigchld; allow domain debuggerd:unix_stream_socket connectto; +# b/9858255 - debuggerd sockets are not getting properly labeled. +# TODO: Remove this temporary workaround. +allow domain init:unix_stream_socket connectto; # Root fs. allow domain rootfs:dir r_dir_perms; |