Enable selinux read_policy for adb pull.

Remove permission from appdomain. (cherry picked from commit 309cc668) Bug: 16866291 Change-Id: I37936fed33c337e1ab2816258c2aff52700af116

Enable selinux read_policy for adb pull.
Remove permission from appdomain. (cherry picked from commit 309cc668) Bug: 16866291 Change-Id: I37936fed33c337e1ab2816258c2aff52700af116
3e6da147 · dcashman · Nick Kralevich · 9ac7df22 · 3e6da147 · 3e6da147
Commit 3e6da147 authored 10 years ago by dcashman Committed by Nick Kralevich 10 years ago
--- a/adbd.te
+++ b/adbd.te
@@ -69,6 +69,8 @@ allow adbd appdomain:unix_stream_socket connectto;
 allow adbd zygote_exec:file r_file_perms;
 allow adbd system_file:file r_file_perms;

+allow adbd kernel:security read_policy;
+
 service_manager_local_audit_domain(adbd)
 auditallow adbd {
    service_manager_type

--- a/app.te
+++ b/app.te
@@ -166,8 +166,6 @@ allow appdomain runas_exec:file getattr;
 # Check SELinux policy and contexts.
 selinux_check_access(appdomain)
 selinux_check_context(appdomain)
-# Enable reading of current selinux policy file
-allow appdomain kernel:security read_policy;
 # Validate that each process is running in the correct security context.
 allow appdomain domain:process getattr;