# SELinux policy for the "shell" domain: declares the domain and its
# entrypoint type, then grants its file, device, sdcard, logging and
# property-service access.

# shell is a process domain that also carries mlstrustedsubject.
# NOTE(review): mlstrustedsubject conventionally exempts a domain from MLS
# constraints; confirm against the MLS constraint definitions that shell
# still needs it.
type shell, domain, mlstrustedsubject;
type shell_exec, file_type;

# Presumably: init enters the shell domain when it executes a shell_exec
# file (macro defined outside this file).
domain_auto_trans(init, shell_exec, shell)

# Read-only directory access to the root filesystem.
allow shell rootfs:dir r_dir_perms;

# Terminal and console character devices, read/write.
allow shell { devpts tty_device console_device }:chr_file rw_file_perms;

# Execute system binaries; read and execute the shell and zygote binaries.
allow shell system_file:file x_file_perms;
allow shell { shell_exec zygote_exec }:file rx_file_perms;

# Shell-owned data: create directories and files, and read/execute the files.
# NOTE(review): shell_data_file is therefore both creatable and executable
# by this domain; keep that in mind when auditing which other domains may
# execute this type.
allow shell shell_data_file:dir create_dir_perms;
allow shell shell_data_file:file { create_file_perms rx_file_perms };

# Access sdcard.
allow shell sdcard_type:dir rw_dir_perms;
allow shell sdcard_type:file create_file_perms;

# Presumably read access to apk_data_file directories and files
# (macro defined outside this file).
r_dir_file(shell, apk_data_file)

# This rule grants only "write" on dalvikcache_data_file files.
# NOTE(review): write access to this type bears on the integrity of whatever
# is loaded from it; confirm the rule is still required.
allow shell dalvikcache_data_file:file write;

# Run logcat: read the log device.
allow shell log_device:chr_file r_file_perms;

# Run app_process.
# XXX Split into its own domain?
# NOTE(review): app_domain() is defined outside this file; shell inherits
# everything that macro grants, so audit it together with the rules here.
app_domain(shell)

# setprop toolbox command: connect to the property socket
# (presumably served by init; macro defined outside this file).
unix_socket_connect(shell, property, init)

# Property service: shell may set shell_prop properties and, through the
# ctl interface, ctl_dumpstate_prop.
allow shell { shell_prop ctl_dumpstate_prop }:property_service set;