# Policy for runas_app. Per the rules below, this is the domain in which
# lldb/ndk-gdb/simpleperf run when run-as is used on a debuggable app.
typeattribute runas_app coredomain;

# Shared rule sets pulled in by macro; their definitions live outside this file.
app_domain(runas_app)
untrusted_app_domain(runas_app)
net_domain(runas_app)
bluetooth_domain(runas_app)

# lldb/ndk-gdb/simpleperf are copied into the app's home directory and
# exec()'d from there when run-as is used on a debuggable app.
# execute_no_trans means the executed file stays in the runas_app domain, so
# anything launched this way holds every permission granted in this file.
allow runas_app app_data_file:file execute_no_trans;

# Read-only access so lldb/ndk-gdb/simpleperf can read the maps of debuggable
# app processes.
r_dir_file(runas_app, untrusted_app_all)

# Let lldb/ndk-gdb/simpleperf ptrace-attach to debuggable app processes and
# signal/stop them.
# NOTE(review): these rules target the whole untrusted_app_all attribute; no
# rule in this file narrows them to debuggable processes. Presumably that limit
# is enforced by run-as and kernel UID checks. Confirm before widening.
allow runas_app untrusted_app_all:process ptrace;
allow runas_app untrusted_app_all:process signal;
allow runas_app untrusted_app_all:process sigstop;

# Connect to unix stream sockets owned by app processes.
# NOTE(review): the original gives no rationale for this rule; presumably it
# supports the debugger/profiler connection. Confirm and document.
allow runas_app untrusted_app_all:unix_stream_socket connectto;