Allow ADB to interact extensively with system_data_files.

Long term this should be scoped down. Change-Id: I261f05568566cca38bc5c43fbfa7ff1c816e5846

Allow ADB to interact extensively with system_data_files.
Long term this should be scoped down. Change-Id: I261f05568566cca38bc5c43fbfa7ff1c816e5846
9504a507 · repo sync · e855c3b4 · 9504a507 · 9504a507
Commit 9504a507 authored 11 years ago by repo sync
--- a/adbd.te
+++ b/adbd.te
@@ -31,6 +31,10 @@ domain_auto_trans(adbd, shell_exec, shell)
 # Do not sanitize the environment of the shell.
 allow adbd shell:process noatsecure;
+# XXX Mostly to access system properties and keys- maybe those should be their own type?
+allow adbd system_data_file:file create_file_perms;
+allow adbd system_data_file:dir create_dir_perms;
 # Perform binder IPC to surfaceflinger (screencap)
 # XXX Run screencap in a separate domain?
 binder_use(adbd)

--- a/system.te
+++ b/system.te
@@ -140,6 +140,7 @@ allow system urandom_device:chr_file rw_file_perms;
 allow system usbaccessory_device:chr_file rw_file_perms;
 allow system video_device:chr_file rw_file_perms;
 allow system qemu_device:chr_file rw_file_perms;
+allow system devpts:chr_file rw_file_perms;
 # tun device used for 3rd party vpn apps
 allow system tun_device:chr_file rw_file_perms;