| Nick Kralevich | 88ce951 | 2014-01-09 15:25:36 -0800 | [diff] [blame] | 1 | # File types must be defined for file_contexts. |
| Stephen Smalley | 0130154 | 2013-09-27 10:38:14 -0400 | [diff] [blame] | 2 | type su_exec, exec_type, file_type; |
| Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 3 | |
| Nick Kralevich | 88ce951 | 2014-01-09 15:25:36 -0800 | [diff] [blame] | 4 | userdebug_or_eng(` |
| 5 | type su, domain; |
| 6 | domain_auto_trans(shell, su_exec, su) |
| Nick Kralevich | 09e6abd | 2013-12-13 22:19:45 -0800 | [diff] [blame] | 7 | |
| Nick Kralevich | 88ce951 | 2014-01-09 15:25:36 -0800 | [diff] [blame] | 8 | # Allow dumpstate to call su on userdebug / eng builds to collect |
| 9 | # additional information. |
| 10 | domain_auto_trans(dumpstate, su_exec, su) |
| Stephen Smalley | d99e6d5 | 2013-12-02 14:18:11 -0500 | [diff] [blame] | 11 | |
| Nick Kralevich | 88ce951 | 2014-01-09 15:25:36 -0800 | [diff] [blame] | 12 | # su is unconfined. |
| 13 | unconfined_domain(su) |
| 14 | |
| Nick Kralevich | 7d0f955 | 2014-01-18 18:07:06 -0800 | [diff] [blame^] | 15 | allow su ashmem_device:chr_file execute; |
| 16 | allow su self:process execmem; |
| 17 | tmpfs_domain(su) |
| 18 | allow su su_tmpfs:file execute; |
| 19 | |
| Nick Kralevich | 88ce951 | 2014-01-09 15:25:36 -0800 | [diff] [blame] | 20 | # su is also permissive to permit setenforce. |
| 21 | permissive su; |
| 22 | ') |