From 9504a50740b63d464b9f692c1e8dc8be51a0d70b Mon Sep 17 00:00:00 2001
From: repo sync <gcondra@google.com>
Date: Tue, 30 Apr 2013 18:06:30 -0700
Subject: [PATCH] Allow ADB to interact extensively with system_data_files.

Long term this should be scoped down.

Change-Id: I261f05568566cca38bc5c43fbfa7ff1c816e5846
---
 adbd.te   | 4 ++++
 system.te | 1 +
 2 files changed, 5 insertions(+)

diff --git a/adbd.te b/adbd.te
index 4026fcb94..c565bd75e 100644
--- a/adbd.te
+++ b/adbd.te
@@ -31,6 +31,10 @@ domain_auto_trans(adbd, shell_exec, shell)
 # Do not sanitize the environment of the shell.
 allow adbd shell:process noatsecure;
 
+# XXX Mostly to access system properties and keys- maybe those should be their own type?
+allow adbd system_data_file:file create_file_perms;
+allow adbd system_data_file:dir create_dir_perms;
+
 # Perform binder IPC to surfaceflinger (screencap)
 # XXX Run screencap in a separate domain?
 binder_use(adbd)
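Review bot: The two added rules give adbd `create_file_perms` and `create_dir_perms` on every object labelled `system_data_file`, which is much wider than the "system properties and keys" named in the XXX comment. A compromised or misused adbd could then create, modify or unlink generic system data. If adbd only needs to read these files (not visible from this hunk, so worth confirming), `allow adbd system_data_file:file r_file_perms;` and `allow adbd system_data_file:dir r_dir_perms;` would be enough. Where writes really are required, the comment should name the exact paths so they can later get their own type and this rule can be dropped, e.g. `# TODO: relabel <property and key paths> to dedicated types, then remove these two rules`. The rest of adbd.te lies outside the hunk.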
diff --git a/system.te b/system.te
index 0adbd2d8c..761f28283 100644
--- a/system.te
+++ b/system.te
@@ -140,6 +140,7 @@ allow system urandom_device:chr_file rw_file_perms;
 allow system usbaccessory_device:chr_file rw_file_perms;
 allow system video_device:chr_file rw_file_perms;
 allow system qemu_device:chr_file rw_file_perms;
+allow system devpts:chr_file rw_file_perms;
 
 # tun device used for 3rd party vpn apps
 allow system tun_device:chr_file rw_file_perms;
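Review bot: The added `allow system devpts:chr_file rw_file_perms;` carries no comment and is not mentioned in the commit message, which only covers ADB and system_data_files. `devpts` looks like the generic pseudo-terminal label, so this rule presumably lets the system domain read and write ptys opened by other domains. The reason should be recorded next to the rule, as the tun_device line below does, e.g. `# <why system needs pty access> - XXX scope down`. If only ptys from one particular domain are needed, a dedicated type for those would be tighter than the generic label.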
-- 
GitLab