shell.te: allow pulling the currently running SELinux policy Allow pulling the currently running SELinux policy for CTS. Change-Id: I82ec03724a8e5773b3b693c4f39cc7b5c3ae4516

commit: ad22e86740132ba0541506edebb7a6c1da70017b [log] [tgz]
author: Nick Kralevich <nnk@google.com> Thu Dec 03 13:28:14 2015 -0800
committer: Nick Kralevich <nnk@google.com> Thu Dec 03 13:28:14 2015 -0800
tree: 3aa7bff2c87ca64b416fdcf4e82caca152a2ad39
parent: 1d58b2fdea644f2ac02e8c1552754ea7c4b576e4 [diff]
diff --git a/shell.te b/shell.te
index a8089d6..e0c318f 100644
--- a/shell.te
+++ b/shell.te

@@ -98,6 +98,10 @@
 # allow shell to read /proc/pid/attr/current for ps -Z
 allow shell domain:process getattr;
 
+# Allow pulling the SELinux policy for CTS purposes
+allow shell selinuxfs:dir r_dir_perms;
+allow shell selinuxfs:file r_file_perms;
+
 # enable shell domain to read/write files/dirs for bootchart data
 # User will creates the start and stop file via adb shell
 # and read other files created by init process under /data/bootchart
commit	ad22e86740132ba0541506edebb7a6c1da70017b	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Thu Dec 03 13:28:14 2015 -0800
committer	Nick Kralevich <nnk@google.com>	Thu Dec 03 13:28:14 2015 -0800
tree	3aa7bff2c87ca64b416fdcf4e82caca152a2ad39
parent	1d58b2fdea644f2ac02e8c1552754ea7c4b576e4 [diff]