Merge "adbd/shell: grant access to sepolicy for cts" into oc-dev am: bab5872cb1 Change-Id: I0341e66bd3a8fcbddf9daf7da84187430b5747d6

commit: 2afd33839f854cb3448da13fb9209223523eaa53 [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Tue Apr 04 02:10:57 2017 +0000
committer: android-build-merger <android-build-merger@google.com> Tue Apr 04 02:10:57 2017 +0000
tree: b6336190a8cc2ba5ba1115934a9243f6326172f8
parent: 2ec492f1a2254e5f776c911cf6d21f3e84633418 [diff]
parent: bab5872cb1c28947368feeeb2ea0cd4e83a243f6 [diff]
diff --git a/private/adbd.te b/private/adbd.te
index eb6ae32..b402335 100644
--- a/private/adbd.te
+++ b/private/adbd.te

@@ -103,6 +103,8 @@
 allow adbd service_contexts_file:file r_file_perms;
 allow adbd file_contexts_file:file r_file_perms;
 allow adbd seapp_contexts_file:file r_file_perms;
+allow adbd property_contexts_file:file r_file_perms;
+allow adbd sepolicy_file:file r_file_perms;
 
 allow adbd surfaceflinger_service:service_manager find;
 allow adbd bootchart_data_file:dir search;

diff --git a/public/shell.te b/public/shell.te
index caf93ca..7c3d8a1 100644
--- a/public/shell.te
+++ b/public/shell.te

@@ -147,6 +147,13 @@
 #
 allow shell dev_type:blk_file getattr;
 
+# read selinux policy files
+allow shell file_contexts_file:file r_file_perms;
+allow shell property_contexts_file:file r_file_perms;
+allow shell seapp_contexts_file:file r_file_perms;
+allow shell service_contexts_file:file r_file_perms;
+allow shell sepolicy_file:file r_file_perms;
+
 ###
 ### Neverallow rules
 ###
commit	2afd33839f854cb3448da13fb9209223523eaa53	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Tue Apr 04 02:10:57 2017 +0000
committer	android-build-merger <android-build-merger@google.com>	Tue Apr 04 02:10:57 2017 +0000
tree	b6336190a8cc2ba5ba1115934a9243f6326172f8
parent	2ec492f1a2254e5f776c911cf6d21f3e84633418 [diff]
parent	bab5872cb1c28947368feeeb2ea0cd4e83a243f6 [diff]