| Yabin Cui | ffa2b61 | 2018-11-02 14:34:06 -0700 | [diff] [blame] | 1 | typeattribute runas_app coredomain; |
| 2 | |
| 3 | app_domain(runas_app) |
| 4 | untrusted_app_domain(runas_app) |
| 5 | net_domain(runas_app) |
| 6 | bluetooth_domain(runas_app) |
| 7 | |
| Nick Kralevich | 65a89c1 | 2018-12-21 10:03:50 -0800 | [diff] [blame] | 8 | # The ability to call exec() on files in the apps home directories |
| Yabin Cui | 770a4f6 | 2019-01-07 16:37:24 -0800 | [diff] [blame] | 9 | # when using run-as on a debuggable app. Used to run lldb/ndk-gdb/simpleperf, |
| 10 | # which are copied to the apps home directories. |
| Nick Kralevich | 65a89c1 | 2018-12-21 10:03:50 -0800 | [diff] [blame] | 11 | allow runas_app app_data_file:file execute_no_trans; |
| Yabin Cui | 770a4f6 | 2019-01-07 16:37:24 -0800 | [diff] [blame] | 12 | |
| 13 | # Allow lldb/ndk-gdb/simpleperf to read maps of debuggable app processes. |
| 14 | r_dir_file(runas_app, untrusted_app_all) |
| 15 | |
| 16 | # Allow lldb/ndk-gdb/simpleperf to ptrace attach to debuggable app processes. |
| Nick Kralevich | 337f564 | 2019-01-30 13:19:36 -0800 | [diff] [blame^] | 17 | allow runas_app untrusted_app_all:process { ptrace signal sigstop }; |