diff options
Diffstat (limited to 'su.te')
-rw-r--r-- | su.te | 55 |
1 files changed, 0 insertions, 55 deletions
@@ -1,55 +0,0 @@ -# File types must be defined for file_contexts. -type su_exec, exec_type, file_type; - -userdebug_or_eng(` - # Domain used for su processes, as well as for adbd and adb shell - # after performing an adb root command. The domain definition is - # wrapped to ensure that it does not exist at all on -user builds. - type su, domain, mlstrustedsubject; - domain_auto_trans(shell, su_exec, su) - - # Allow dumpstate to call su on userdebug / eng builds to collect - # additional information. - domain_auto_trans(dumpstate, su_exec, su) - - # Make sure that dumpstate runs the same from the "su" domain as - # from the "init" domain. - domain_auto_trans(su, dumpstate_exec, dumpstate) - - # su is also permissive to permit setenforce. - permissive su; - - # Add su to various domains - net_domain(su) - app_domain(su) - - dontaudit su self:capability_class_set *; - dontaudit su kernel:security *; - dontaudit su kernel:system *; - dontaudit su self:memprotect *; - dontaudit su domain:process *; - dontaudit su domain:fd *; - dontaudit su domain:dir *; - dontaudit su domain:lnk_file *; - dontaudit su domain:{ fifo_file file } *; - dontaudit su domain:socket_class_set *; - dontaudit su domain:ipc_class_set *; - dontaudit su domain:key *; - dontaudit su fs_type:filesystem *; - dontaudit su {fs_type dev_type file_type}:dir_file_class_set *; - dontaudit su node_type:node *; - dontaudit su node_type:{ tcp_socket udp_socket rawip_socket } *; - dontaudit su netif_type:netif *; - dontaudit su port_type:socket_class_set *; - dontaudit su port_type:{ tcp_socket dccp_socket } *; - dontaudit su domain:peer *; - dontaudit su domain:binder *; - dontaudit su property_type:property_service *; - dontaudit su property_type:file *; - dontaudit su service_manager_type:service_manager *; - dontaudit su servicemanager:service_manager list; - dontaudit su keystore:keystore_key *; - dontaudit su domain:debuggerd *; - dontaudit su domain:drmservice *; - dontaudit su unlabeled:filesystem *; -') |