Blame - private/su.te - android_system_sepolicy

blob: 3dda00f9b6eb7a9583ac3262009febb9b39e333c [file] [log] [blame]

Nick Kralevich	88ce951	2014-01-09 15:25:36 -0800	[diff] [blame]	1	userdebug_or_eng(`
Nick Kralevich	88ce951	2014-01-09 15:25:36 -0800	[diff] [blame]	2	domain_auto_trans(shell, su_exec, su)
Nick Kralevich	88ce951	2014-01-09 15:25:36 -0800	[diff] [blame]	3	# Allow dumpstate to call su on userdebug / eng builds to collect
				4	# additional information.
				5	domain_auto_trans(dumpstate, su_exec, su)
Stephen Smalley	d99e6d5	2013-12-02 14:18:11 -0500	[diff] [blame]	6
Christopher Ferris	5ec38c4	2015-01-29 12:11:55 -0800	[diff] [blame]	7	# Make sure that dumpstate runs the same from the "su" domain as
				8	# from the "init" domain.
				9	domain_auto_trans(su, dumpstate_exec, dumpstate)
				10
dcashman	2e00e63	2016-10-12 14:58:09 -0700	[diff] [blame]	11	# su is also permissive to permit setenforce.
Nick Kralevich	88ce951	2014-01-09 15:25:36 -0800	[diff] [blame]	12	permissive su;
Sreeram Ramachandran	bc32018	2014-05-02 14:50:26 -0700	[diff] [blame]	13
dcashman	2e00e63	2016-10-12 14:58:09 -0700	[diff] [blame]	14	# app_domain fallout
				15	tmpfs_domain(su)
				16	# Map with PROT_EXEC.
				17	allow su su_tmpfs:file execute;
Nick Kralevich	88ce951	2014-01-09 15:25:36 -0800	[diff] [blame]	18	')