Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 2e00e6373faa6271d7839d33c5b9e69d998ff020 / . / private / su.te
blob: 3dda00f9b6eb7a9583ac3262009febb9b39e333c [file] [log] [blame]
Nick Kralevich88ce9512014-01-09 15:25:36 -0800[diff] [blame]1userdebug_or_eng(`
Nick Kralevich88ce9512014-01-09 15:25:36 -0800[diff] [blame]2 domain_auto_trans(shell, su_exec, su)
Nick Kralevich88ce9512014-01-09 15:25:36 -0800[diff] [blame]3 # Allow dumpstate to call su on userdebug / eng builds to collect
4 # additional information.
5 domain_auto_trans(dumpstate, su_exec, su)
Stephen Smalleyd99e6d52013-12-02 14:18:11 -0500[diff] [blame]6
Christopher Ferris5ec38c42015-01-29 12:11:55 -0800[diff] [blame]7 # Make sure that dumpstate runs the same from the "su" domain as
8 # from the "init" domain.
9 domain_auto_trans(su, dumpstate_exec, dumpstate)
10
dcashman2e00e632016-10-12 14:58:09 -0700[diff] [blame^]11# su is also permissive to permit setenforce.
Nick Kralevich88ce9512014-01-09 15:25:36 -0800[diff] [blame]12 permissive su;
Sreeram Ramachandranbc320182014-05-02 14:50:26 -0700[diff] [blame]13
dcashman2e00e632016-10-12 14:58:09 -0700[diff] [blame^]14 # app_domain fallout
15 tmpfs_domain(su)
16 # Map with PROT_EXEC.
17 allow su su_tmpfs:file execute;
Nick Kralevich88ce9512014-01-09 15:25:36 -0800[diff] [blame]18')