Stephen Smalley | b3cb969 | 2014-02-21 13:45:29 -0500 | [diff] [blame] | 1 | # Domain for shell processes spawned by ADB or console service. |
Stephen Smalley | 42fb824 | 2014-06-11 07:10:09 -0400 | [diff] [blame] | 2 | type shell, domain, mlstrustedsubject; |
Stephen Smalley | 0130154 | 2013-09-27 10:38:14 -0400 | [diff] [blame] | 3 | type shell_exec, exec_type, file_type; |
Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 4 | |
Stephen Smalley | 396015c | 2014-01-07 12:47:10 -0500 | [diff] [blame] | 5 | # Create and use network sockets. |
| 6 | net_domain(shell) |
| 7 | |
Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 8 | # Run app_process. |
Stephen Smalley | 712ca0a | 2013-10-23 13:25:53 -0400 | [diff] [blame] | 9 | # XXX Transition into its own domain? |
Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 10 | app_domain(shell) |
Stephen Smalley | d99e6d5 | 2013-12-02 14:18:11 -0500 | [diff] [blame] | 11 | |
Mark Salyzyn | 34d32ea | 2014-12-15 12:01:35 -0800 | [diff] [blame] | 12 | # logcat |
Mark Salyzyn | ad5315d | 2014-03-17 13:00:38 -0700 | [diff] [blame] | 13 | read_logd(shell) |
| 14 | control_logd(shell) |
Mark Salyzyn | 34d32ea | 2014-12-15 12:01:35 -0800 | [diff] [blame] | 15 | # logcat -L (directly, or via dumpstate) |
| 16 | allow shell pstorefs:dir search; |
| 17 | allow shell pstorefs:file r_file_perms; |
Mark Salyzyn | ad5315d | 2014-03-17 13:00:38 -0700 | [diff] [blame] | 18 | |
Nick Kralevich | 4fd4a20 | 2014-06-05 13:27:44 -0700 | [diff] [blame] | 19 | # read files in /data/anr |
| 20 | allow shell anr_data_file:dir r_dir_perms; |
| 21 | allow shell anr_data_file:file r_file_perms; |
| 22 | |
Stephen Smalley | 42fb824 | 2014-06-11 07:10:09 -0400 | [diff] [blame] | 23 | # Access /data/local/tmp. |
| 24 | allow shell shell_data_file:dir create_dir_perms; |
| 25 | allow shell shell_data_file:file create_file_perms; |
| 26 | allow shell shell_data_file:file rx_file_perms; |
Brian Carlstrom | fc6214b | 2014-12-09 23:49:31 -0800 | [diff] [blame] | 27 | allow shell shell_data_file:lnk_file create_file_perms; |
Stephen Smalley | 42fb824 | 2014-06-11 07:10:09 -0400 | [diff] [blame] | 28 | |
| 29 | # adb bugreport |
| 30 | unix_socket_connect(shell, dumpstate, dumpstate) |
| 31 | |
Stephen Smalley | 42fb824 | 2014-06-11 07:10:09 -0400 | [diff] [blame] | 32 | allow shell devpts:chr_file rw_file_perms; |
| 33 | allow shell tty_device:chr_file rw_file_perms; |
| 34 | allow shell console_device:chr_file rw_file_perms; |
Stephen Smalley | a2e4e26 | 2014-06-11 12:09:15 -0400 | [diff] [blame] | 35 | allow shell input_device:dir r_dir_perms; |
Stephen Smalley | 42fb824 | 2014-06-11 07:10:09 -0400 | [diff] [blame] | 36 | allow shell input_device:chr_file rw_file_perms; |
| 37 | allow shell system_file:file x_file_perms; |
| 38 | allow shell shell_exec:file rx_file_perms; |
| 39 | allow shell zygote_exec:file rx_file_perms; |
| 40 | |
| 41 | r_dir_file(shell, apk_data_file) |
| 42 | |
| 43 | # Set properties. |
| 44 | unix_socket_connect(shell, property, init) |
| 45 | allow shell shell_prop:property_service set; |
| 46 | allow shell ctl_dumpstate_prop:property_service set; |
| 47 | allow shell debug_prop:property_service set; |
| 48 | allow shell powerctl_prop:property_service set; |
| 49 | |
| 50 | # systrace support - allow atrace to run |
| 51 | # debugfs doesn't support labeling individual files, so we have |
| 52 | # to grant read access to all of /sys/kernel/debug. |
| 53 | # Directory read access and file write access is already granted |
| 54 | # in domain.te. |
| 55 | allow shell debugfs:file r_file_perms; |
| 56 | |
| 57 | # allow shell to run dmesg |
| 58 | allow shell kernel:system syslog_read; |
dcashman | 0780f30 | 2014-12-30 15:21:50 -0800 | [diff] [blame] | 59 | |
dcashman | 5fef2de | 2015-01-23 15:55:42 -0800 | [diff] [blame] | 60 | # allow shell access to services |
dcashman | 0780f30 | 2014-12-30 15:21:50 -0800 | [diff] [blame] | 61 | allow shell servicemanager:service_manager list; |
Andres Morales | e207986 | 2015-04-03 16:46:33 -0700 | [diff] [blame^] | 62 | # don't allow shell to access GateKeeper service |
| 63 | allow shell { service_manager_type -gatekeeper_service }:service_manager find; |
dcashman | 23f3361 | 2015-03-03 11:20:15 -0800 | [diff] [blame] | 64 | service_manager_local_audit_domain(shell) |
dcashman | 25fef2e | 2015-01-16 13:39:59 -0800 | [diff] [blame] | 65 | |
| 66 | # allow shell to look through /proc/ for ps, top |
| 67 | allow shell domain:dir { search open read getattr }; |
| 68 | allow shell domain:{ file lnk_file } { open read getattr }; |
Yongqin Liu | cc38e6d | 2014-12-05 13:40:22 +0800 | [diff] [blame] | 69 | |
Stephen Smalley | d5892b4 | 2015-03-16 11:43:22 -0400 | [diff] [blame] | 70 | # allow shell to read /proc/pid/attr/current for ps -Z |
| 71 | allow shell domain:process getattr; |
| 72 | |
Yongqin Liu | cc38e6d | 2014-12-05 13:40:22 +0800 | [diff] [blame] | 73 | # enable shell domain to read/write files/dirs for bootchart data |
| 74 | # User will creates the start and stop file via adb shell |
| 75 | # and read other files created by init process under /data/bootchart |
| 76 | allow shell bootchart_data_file:dir rw_dir_perms; |
| 77 | allow shell bootchart_data_file:file create_file_perms; |