shell.te: allow pulling the currently running SELinux policy am: ad22e86740 am: d483d2f3d4 * commit 'd483d2f3d4340cc29f7dabc38e03900a6d5061d2': shell.te: allow pulling the currently running SELinux policy

commit: 42aaf56f16df21eb323a57ae3214577f90c46982 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Thu Dec 03 22:00:45 2015 +0000
committer: android-build-merger <android-build-merger@google.com> Thu Dec 03 22:00:45 2015 +0000
tree: 723907702a10c1bf6ae931606e4150a51ccdd927
parent: 0636639880d72c4d4d2177a6cb4530d1a112abff [diff]
parent: d483d2f3d4340cc29f7dabc38e03900a6d5061d2 [diff]
diff --git a/shell.te b/shell.te
index a8089d6..e0c318f 100644
--- a/shell.te
+++ b/shell.te

@@ -98,6 +98,10 @@
 # allow shell to read /proc/pid/attr/current for ps -Z
 allow shell domain:process getattr;
 
+# Allow pulling the SELinux policy for CTS purposes
+allow shell selinuxfs:dir r_dir_perms;
+allow shell selinuxfs:file r_file_perms;
+
 # enable shell domain to read/write files/dirs for bootchart data
 # User will creates the start and stop file via adb shell
 # and read other files created by init process under /data/bootchart
commit	42aaf56f16df21eb323a57ae3214577f90c46982	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Thu Dec 03 22:00:45 2015 +0000
committer	android-build-merger <android-build-merger@google.com>	Thu Dec 03 22:00:45 2015 +0000
tree	723907702a10c1bf6ae931606e4150a51ccdd927
parent	0636639880d72c4d4d2177a6cb4530d1a112abff [diff]
parent	d483d2f3d4340cc29f7dabc38e03900a6d5061d2 [diff]