Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 2c38b3b8099a26d4da1dead2d1f87f616f4df6fd
commit2c38b3b8099a26d4da1dead2d1f87f616f4df6fd[log] [tgz]
authorNick Kralevich <nnk@google.com>Tue Oct 21 22:39:42 2014 -0700
committerNick Kralevich <nnk@google.com>Tue Oct 21 22:39:42 2014 -0700
tree0d3cb6c20f87ff8967aa68272325570b73d09cc2
parent480374e4d082238a71773f29483c5d24ad8b3f6d [diff]
DO NOT MERGE: allow access to labeled executables in /system

Most files on /system are labeled with the "system_file" label, and
are readable by default by all SELinux domains. However, select
executables are labeled with their own label, so that SELinux knows
what domains to enter upon running the executable.

Allow adbd read access to labeled executables in /system. We do
this by granting adbd read access to exec_type, the attribute
assigned to all executables on /system.

This allows "adb pull /system" to work without generating
SELinux denials.

Bug: 18078338
Change-Id: I97783759af083968890f15f7b1d8fff989e80604
1 file changed
tree: 0d3cb6c20f87ff8967aa68272325570b73d09cc2
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. attributes
  7. binderservicedomain.te
  8. bluetooth.te
  9. bootanim.te
  10. clatd.te
  11. debuggerd.te
  12. device.te
  13. dex2oat.te
  14. dhcp.te
  15. dnsmasq.te
  16. domain.te
  17. drmserver.te
  18. dumpstate.te
  19. file.te
  20. file_contexts
  21. fs_use
  22. genfs_contexts
  23. global_macros
  24. gpsd.te
  25. hci_attach.te
  26. healthd.te
  27. hostapd.te
  28. init.te
  29. init_shell.te
  30. initial_sid_contexts
  31. initial_sids
  32. inputflinger.te
  33. install_recovery.te
  34. installd.te
  35. isolated_app.te
  36. kernel.te
  37. keys.conf
  38. keystore.te
  39. lmkd.te
  40. logd.te
  41. mac_permissions.xml
  42. mdnsd.te
  43. mediaserver.te
  44. mls
  45. mls_macros
  46. mtp.te
  47. net.te
  48. netd.te
  49. nfc.te
  50. NOTICE
  51. platform_app.te
  52. policy_capabilities
  53. port_contexts
  54. ppp.te
  55. property.te
  56. property_contexts
  57. racoon.te
  58. radio.te
  59. README
  60. recovery.te
  61. rild.te
  62. roles
  63. runas.te
  64. sdcardd.te
  65. seapp_contexts
  66. security_classes
  67. selinux-network.sh
  68. service.te
  69. service_contexts
  70. servicemanager.te
  71. shared_relro.te
  72. shell.te
  73. su.te
  74. surfaceflinger.te
  75. system_app.te
  76. system_server.te
  77. te_macros
  78. tee.te
  79. ueventd.te
  80. unconfined.te
  81. uncrypt.te
  82. untrusted_app.te
  83. users
  84. vdc.te
  85. vold.te
  86. watchdogd.te
  87. wpa.te
  88. zygote.te