Merge "Un-revert "Audit execution of app_data_file native code.""
diff --git a/private/adbd.te b/private/adbd.te
index 23f3c92..0b42672 100644
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -167,6 +167,11 @@
allow adbd perfetto_traces_data_file:file r_file_perms;
allow adbd perfetto_traces_data_file:dir r_dir_perms;
+# Connect to shell and use a socket transferred from it.
+# Used for e.g. abb.
+allow adbd shell:unix_stream_socket { read write };
+allow adbd shell:fd use;
+
###
### Neverallow rules
###
diff --git a/tests/treble_sepolicy_tests.py b/tests/treble_sepolicy_tests.py
index f2d600a..0851d3b 100644
--- a/tests/treble_sepolicy_tests.py
+++ b/tests/treble_sepolicy_tests.py
@@ -242,7 +242,10 @@
ret += "policy without an entry into the compatibility mapping file(s) "
ret += "found in private/compat/V.v/V.v[.ignore].cil, where V.v is the "
ret += "latest API level.\n"
- ret += " ".join(str(x) for x in sorted(violators)) + "\n"
+ ret += " ".join(str(x) for x in sorted(violators)) + "\n\n"
+ ret += "See examples of how to fix this:\n"
+ ret += "https://android-review.git.corp.google.com/c/platform/system/sepolicy/+/781036\n"
+ ret += "https://android-review.git.corp.google.com/c/platform/system/sepolicy/+/852612\n"
return ret
###
@@ -265,7 +268,9 @@
ret += "policy without a declaration in the compatibility mapping "
ret += "found in private/compat/V.v/V.v[.ignore].cil, where V.v is the "
ret += "latest API level.\n"
- ret += " ".join(str(x) for x in sorted(violators)) + "\n"
+ ret += " ".join(str(x) for x in sorted(violators)) + "\n\n"
+ ret += "See examples of how to fix this:\n"
+ ret += "https://android-review.git.corp.google.com/c/platform/system/sepolicy/+/822743\n"
return ret
def TestTrebleCompatMapping():