| Alan Stokes | 7bde36e | 2022-03-09 16:41:06 +0000 | [diff] [blame] | 1 | typeattribute shell coredomain; |
| Inseob Kim | e138997 | 2021-07-19 07:48:34 +0000 | [diff] [blame] | 2 | |
| Inseob Kim | e138997 | 2021-07-19 07:48:34 +0000 | [diff] [blame] | 3 | # Perform SELinux access checks, needed for CTS |
| 4 | selinux_check_access(shell) |
| 5 | selinux_check_context(shell) |
| 6 | |
| 7 | # Allow shell to run adb shell cmd stats commands. Needed for CTS. |
| 8 | binder_call(shell, statsd); |
| 9 | |
| Inseob Kim | e138997 | 2021-07-19 07:48:34 +0000 | [diff] [blame] | 10 | # Connect to adbd and use a socket transferred from it. |
| 11 | # This is used for e.g. adb backup/restore. |
| 12 | allow shell adbd:unix_stream_socket connectto; |
| 13 | allow shell adbd:fd use; |
| 14 | allow shell adbd:unix_stream_socket { getattr getopt ioctl read write shutdown }; |
| 15 | |
| 16 | # filesystem test for insecure chr_file's is done |
| 17 | # via a host side test |
| 18 | allow shell dev_type:dir r_dir_perms; |
| 19 | allow shell dev_type:chr_file getattr; |
| 20 | |
| 21 | # filesystem test for insucre blk_file's is done |
| 22 | # via hostside test |
| 23 | allow shell dev_type:blk_file getattr; |
| Inseob Kim | 7687600 | 2021-08-05 02:05:16 +0000 | [diff] [blame] | 24 | |
| 25 | # Test tool automatically tries to access /sys/class/power_supply. |
| 26 | # Suppressing it as we don't need power_supply in microdroid. |
| 27 | dontaudit shell sysfs:dir r_dir_perms; |
| Inseob Kim | 5ee61a7 | 2021-09-17 19:31:45 +0900 | [diff] [blame] | 28 | |
| 29 | # Test tool tries to read various service status properties. |
| Victor Hsieh | a62b3ff | 2022-05-02 09:47:11 -0700 | [diff] [blame] | 30 | get_prop(shell, boot_status_prop) |
| Inseob Kim | 5ee61a7 | 2021-09-17 19:31:45 +0900 | [diff] [blame] | 31 | get_prop(shell, init_service_status_prop) |
| 32 | get_prop(shell, init_service_status_private_prop) |
| 33 | |
| 34 | set_prop(shell, log_tag_prop) |