Allow ADB to interact extensively with system_data_files. Long term this should be scoped down. Change-Id: I261f05568566cca38bc5c43fbfa7ff1c816e5846

commit: 9504a50740b63d464b9f692c1e8dc8be51a0d70b [log] [tgz]
author: repo sync <gcondra@google.com> Tue Apr 30 18:06:30 2013 -0700
committer: repo sync <gcondra@google.com> Tue Apr 30 18:18:31 2013 -0700
tree: 46cf8f29f3d36b7c4b117bd898ed396daad55964
parent: e855c3b4901ff18fd17b9b58593923e95d3e19fa [diff]
diff --git a/adbd.te b/adbd.te
index 4026fcb..c565bd7 100644
--- a/adbd.te
+++ b/adbd.te

@@ -31,6 +31,10 @@
 # Do not sanitize the environment of the shell.
 allow adbd shell:process noatsecure;
 
+# XXX Mostly to access system properties and keys- maybe those should be their own type?
+allow adbd system_data_file:file create_file_perms;
+allow adbd system_data_file:dir create_dir_perms;
+
 # Perform binder IPC to surfaceflinger (screencap)
 # XXX Run screencap in a separate domain?
 binder_use(adbd)

diff --git a/system.te b/system.te
index 0adbd2d..761f282 100644
--- a/system.te
+++ b/system.te

@@ -140,6 +140,7 @@
 allow system usbaccessory_device:chr_file rw_file_perms;
 allow system video_device:chr_file rw_file_perms;
 allow system qemu_device:chr_file rw_file_perms;
+allow system devpts:chr_file rw_file_perms;
 
 # tun device used for 3rd party vpn apps
 allow system tun_device:chr_file rw_file_perms;
commit	9504a50740b63d464b9f692c1e8dc8be51a0d70b	[log] [tgz]
author	repo sync <gcondra@google.com>	Tue Apr 30 18:06:30 2013 -0700
committer	repo sync <gcondra@google.com>	Tue Apr 30 18:18:31 2013 -0700
tree	46cf8f29f3d36b7c4b117bd898ed396daad55964
parent	e855c3b4901ff18fd17b9b58593923e95d3e19fa [diff]