shell.te: allow pulling the currently running SELinux policy am: ad22e86740 * commit 'ad22e86740132ba0541506edebb7a6c1da70017b': shell.te: allow pulling the currently running SELinux policy

commit: d483d2f3d4340cc29f7dabc38e03900a6d5061d2 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Thu Dec 03 21:56:21 2015 +0000
committer: android-build-merger <android-build-merger@google.com> Thu Dec 03 21:56:21 2015 +0000
tree: 723907702a10c1bf6ae931606e4150a51ccdd927
parent: d95780ac9301038e093f9e1efe9fee32f413a4a2 [diff]
parent: ad22e86740132ba0541506edebb7a6c1da70017b [diff]
diff --git a/shell.te b/shell.te
index a8089d6..e0c318f 100644
--- a/shell.te
+++ b/shell.te

@@ -98,6 +98,10 @@
 # allow shell to read /proc/pid/attr/current for ps -Z
 allow shell domain:process getattr;
 
+# Allow pulling the SELinux policy for CTS purposes
+allow shell selinuxfs:dir r_dir_perms;
+allow shell selinuxfs:file r_file_perms;
+
 # enable shell domain to read/write files/dirs for bootchart data
 # User will creates the start and stop file via adb shell
 # and read other files created by init process under /data/bootchart
commit	d483d2f3d4340cc29f7dabc38e03900a6d5061d2	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Thu Dec 03 21:56:21 2015 +0000
committer	android-build-merger <android-build-merger@google.com>	Thu Dec 03 21:56:21 2015 +0000
tree	723907702a10c1bf6ae931606e4150a51ccdd927
parent	d95780ac9301038e093f9e1efe9fee32f413a4a2 [diff]
parent	ad22e86740132ba0541506edebb7a6c1da70017b [diff]