Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 938ab05d729aa83abfe16e933ca70e0dee4c22ae
commit938ab05d729aa83abfe16e933ca70e0dee4c22ae[log] [tgz]
authorTom Cherry <tomcherry@google.com>Fri Aug 03 10:49:20 2018 -0700
committerTom Cherry <tomcherry@google.com>Fri Aug 03 19:41:03 2018 +0000
treef8e2ca62f9c2177d51a2c53fd353b2472eb7e654
parentd840374e654881fbd633acc68b827244d2a28768 [diff]
Allow init to execute services marked with seclabel u:r:su:s0 in userdebug/eng

This is do aid developers pushing debug services to not need to modify
the underlying SEPolicy

avc: denied { transition } for comm="init" path="/system/bin/awk"
dev="dm-0" ino=1934 scontext=u:r:init:s0 tcontext=u:r:su:s0
tclass=process
avc: denied { rlimitinh } for comm="awk" scontext=u:r:init:s0
tcontext=u:r:su:s0 tclass=process
avc: denied { siginh } for comm="awk" scontext=u:r:init:s0
tcontext=u:r:su:s0 tclass=process
avc: denied { noatsecure } for comm="awk" scontext=u:r:init:s0
tcontext=u:r:su:s0 tclass=process

Test: init can execute a system_file marked with seclabel u:r:su:s0
Change-Id: I85d9528341fe08dbb2fb9a91e34a41f41aa093be
1 file changed
tree: f8e2ca62f9c2177d51a2c53fd353b2472eb7e654
  1. build/
  2. prebuilts/
  3. private/
  4. public/
  5. reqd_mask/
  6. tests/
  7. tools/
  8. vendor/
  9. Android.bp
  10. Android.mk
  11. CleanSpec.mk
  12. definitions.mk
  13. MODULE_LICENSE_PUBLIC_DOMAIN
  14. NOTICE
  15. OWNERS
  16. PREUPLOAD.cfg
  17. README
  18. treble_sepolicy_tests_for_release.mk