| Alex Klyubin | 8199123 | 2013-05-06 13:24:27 -0700 | [diff] [blame] | 1 | # Domain for shell processes spawned by ADB |
| repo sync | 77d4731 | 2013-05-17 17:11:29 -0700 | [diff] [blame] | 2 | type shell, domain; |
| Stephen Smalley | 0130154 | 2013-09-27 10:38:14 -0400 | [diff] [blame] | 3 | type shell_exec, exec_type, file_type; |
| repo sync | 77d4731 | 2013-05-17 17:11:29 -0700 | [diff] [blame] | 4 | unconfined_domain(shell) |
| Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 5 | |
| Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 6 | # Run app_process. |
| 7 | # XXX Split into its own domain? |
| 8 | app_domain(shell) |
| Stephen Smalley | d99e6d5 | 2013-12-02 14:18:11 -0500 | [diff] [blame] | 9 | |
| 10 | # shell is also permissive to permit setenforce. |
| 11 | permissive shell; |
| Stephen Smalley | 48759ca | 2013-10-29 14:42:39 -0400 | [diff] [blame] | 12 | |
| 13 | # ndk-gdb invokes adb shell ps to find the app PID. |
| 14 | r_dir_file(shell, non_system_app_set) |
| 15 | |
| 16 | # ndk-gdb invokes adb shell ls to check the app data dir. |
| 17 | allow shell app_data_file:dir search; |
| 18 | |
| 19 | # ndk-gdb invokes adb shell kill -9 to kill the gdbserver. |
| 20 | allow shell non_system_app_set:process sigkill; |