Commit f821b5a7 authored by Nick Kralevich

allow shell dmesg

Allow the shell user to see the dmesg output. This data is already
available via "adb bugreport", but isn't easy to access.

Bug: 10020939
Change-Id: I9d4bbbd41cb02b707cdfee79f826a39c1ec2f177
parent ba176c5f
...@@ -318,7 +318,9 @@ neverallow { appdomain -unconfineddomain } ...@@ -318,7 +318,9 @@ neverallow { appdomain -unconfineddomain }
# Access to syslog(2) or /proc/kmsg. # Access to syslog(2) or /proc/kmsg.
neverallow { appdomain -system_app -unconfineddomain } neverallow { appdomain -system_app -unconfineddomain }
kernel:system { syslog_read syslog_mod syslog_console }; kernel:system { syslog_mod syslog_console };
neverallow { appdomain -system_app -unconfineddomain -shelldomain }
kernel:system syslog_read;
# Ability to perform any filesystem operation other than statfs(2). # Ability to perform any filesystem operation other than statfs(2).
# i.e. no mount(2), unmount(2), etc. # i.e. no mount(2), unmount(2), etc.
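Review bot: the added rule `neverallow { appdomain -system_app -unconfineddomain -shelldomain } kernel:system syslog_read;` carries no comment explaining why shelldomain is carved out, and it sits under the unchanged "Access to syslog(2) or /proc/kmsg" comment as if the policy were the same for all three permissions. Add a one-line comment above it giving the reason (dmesg from the shell, Bug: 10020939). Note also that the exemption is keyed on the shelldomain attribute, so every domain carrying that attribute drops out of this assertion, not a single type; if only one domain needs it, name that type instead. Keeping syslog_mod and syslog_console in the original, stricter rule is the right split.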
......
...@@ -32,3 +32,6 @@ allow shelldomain powerctl_prop:property_service set; ...@@ -32,3 +32,6 @@ allow shelldomain powerctl_prop:property_service set;
# Directory read access and file write access is already granted # Directory read access and file write access is already granted
# in domain.te. # in domain.te.
allow shelldomain debugfs:file r_file_perms; allow shelldomain debugfs:file r_file_perms;
# allow shell to run dmesg
allow shelldomain kernel:system syslog_read;
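Review bot: the comment on the two added lines says "allow shell to run dmesg", but the rule `allow shelldomain kernel:system syslog_read;` is written against the shelldomain attribute, so it grants the permission to every domain that carries the attribute. Either word the comment to match that scope or grant to the specific type. It would also help to say in the comment that only syslog_read is granted here and that syslog_mod and syslog_console are deliberately left out, so a later reader does not widen the rule to match the permission set listed in the neverallow from the first hunk.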