commit a2b84e9279336699b8141a32551e95b7455767c5
author Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> Tue Oct 29 02:21:23 2024 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Oct 29 02:21:23 2024 +0000
tree bc39f4ef375df494c3c714339b520ba87fc01ea5
parent 25768a1464cdc252644b05fe0e1469964044a246
parent bad9ca11da1877565210c2b1586b2f10be1db9dc

Merge "Allow "adb shell tradeinmode" on userdebug/eng builds." into main

private/shell.te

diff --git a/private/shell.te b/private/shell.te
index 042540b..38c5ac8 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -42,6 +42,11 @@
 
 domain_auto_trans(shell, vendor_shell_exec, vendor_shell)
 
+# Allow shell to execute tradeinmode on userdebug builds, for testing.
+userdebug_or_eng(`
+  domain_auto_trans(shell, tradeinmode_exec, tradeinmode)
+')
+
 # Allow shell binaries to exec the perfetto cmdline util and have that
 # transition into its own domain, so that it behaves consistently to
 # when exec()-d by statsd.

private/tradeinmode.te

diff --git a/private/tradeinmode.te b/private/tradeinmode.te
index 05315a4..821faf4 100644
--- a/private/tradeinmode.te
+++ b/private/tradeinmode.te
@@ -4,8 +4,14 @@
 type tradeinmode_exec, exec_type, file_type, system_file_type;
 
 allow tradeinmode adbd_tradeinmode:fd use;
-
 allow tradeinmode adbd_tradeinmode:unix_stream_socket { read write ioctl };
+
+# Allow running from normal shell on userdebug/eng.
+userdebug_or_eng(`
+  allow tradeinmode { adbd shell }:fd use;
+  allow tradeinmode adbd:unix_stream_socket { read write ioctl };
+')
+
 allow tradeinmode devpts:chr_file rw_file_perms;
 
 # Allow executing am/content without a domain transition.