Diffstat (limited to 'runas.te')
-rw-r--r--runas.te33
1 files changed, 0 insertions, 33 deletions
diff --git a/runas.te b/runas.te
deleted file mode 100644
index 58a1bdc..0000000
--- a/runas.te
+++ /dev/null
@@ -1,33 +0,0 @@
-type runas, domain, domain_deprecated, mlstrustedsubject;
-type runas_exec, exec_type, file_type;
-
-# ndk-gdb invokes adb shell run-as.
-domain_auto_trans(shell, runas_exec, runas)
-allow runas adbd:process sigchld;
-allow runas shell:fd use;
-allow runas shell:fifo_file { read write };
-allow runas devpts:chr_file { read write ioctl };
-allow runas shell_data_file:file { read write };
-
-# run-as reads package information.
-allow runas system_data_file:file r_file_perms;
-
-# run-as checks and changes to the app data dir.
-dontaudit runas self:capability dac_override;
-allow runas app_data_file:dir { getattr search };
-
-# run-as switches to the app UID/GID.
-allow runas self:capability { setuid setgid };
-
-# run-as switches to the app security context.
-selinux_check_context(runas) # validate context
-allow runas self:process setcurrent;
-allow runas non_system_app_set:process dyntransition; # setcon
-
-###
-### neverallow rules
-###
-
-# run-as cannot have capabilities other than CAP_SETUID and CAP_SETGID
-neverallow runas self:capability ~{ setuid setgid };
-neverallow runas self:capability2 *;