From 20a791a4f230dad2bdd34686e2b4abc7852f08cb Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Thu, 19 Dec 2013 21:55:12 -0800
Subject: [PATCH] shell: allow setting debug_prop and powerctl_prop

Allow the shell user to set debug.* properties.
This allows systrace to work on Android.

Allow the shell user to set sys.powerctl, to allow reboots
to work.

Addresses the following denials:

<4>[ 2141.449722] avc:  denied  { set } for property=debug.atrace.tags.enableflags scontext=u:r:shell:s0 tcontext=u:object_r:debug_prop:s0 tclass=property_service
<4>[ 2141.450820] avc:  denied  { set } for property=debug.atrace.app_cmdlines scontext=u:r:shell:s0 tcontext=u:object_r:debug_prop:s0 tclass=property_service
<4>[ 2141.506703] avc:  denied  { set } for property=debug.atrace.tags.enableflags scontext=u:r:shell:s0 tcontext=u:object_r:debug_prop:s0 tclass=property_service
<4>[ 2141.507591] avc:  denied  { set } for property=debug.atrace.app_cmdlines scontext=u:r:shell:s0 tcontext=u:object_r:debug_prop:s0 tclass=property_service

Bug: 12231073
Change-Id: Iaba1db06ba287c7d5d10ce287833c57238e03bb6
---
 shelldomain.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/shelldomain.te b/shelldomain.te
index 408e9daa3..1394350bc 100644
--- a/shelldomain.te
+++ b/shelldomain.te
@@ -28,6 +28,8 @@ allow shelldomain dalvikcache_data_file:file { write setattr };
 unix_socket_connect(shelldomain, property, init)
 allow shelldomain shell_prop:property_service set;
 allow shelldomain ctl_dumpstate_prop:property_service set;
+allow shelldomain debug_prop:property_service set;
+allow shelldomain powerctl_prop:property_service set;
 
 # ndk-gdb invokes adb shell ps to find the app PID.
 r_dir_file(shelldomain, non_system_app_set)
-- 
GitLab