| Nick Kralevich | a191398 | 2015-03-19 09:35:31 -0700 | [diff] [blame] | 1 | # File types must be defined for file_contexts. |
| 2 | type procrank_exec, exec_type, file_type; |
| 3 | |
| 4 | userdebug_or_eng(` |
| 5 | type procrank, domain, mlstrustedsubject; |
| 6 | |
| 7 | domain_auto_trans(shell, procrank_exec, procrank) |
| Nick Kralevich | fa281f5 | 2015-03-19 11:18:03 -0700 | [diff] [blame] | 8 | domain_auto_trans(dumpstate, procrank_exec, procrank) |
| Nick Kralevich | a191398 | 2015-03-19 09:35:31 -0700 | [diff] [blame] | 9 | allow procrank self:capability sys_ptrace; |
| 10 | allow procrank devpts:chr_file { read write getattr ioctl }; |
| Nick Kralevich | fa281f5 | 2015-03-19 11:18:03 -0700 | [diff] [blame] | 11 | allow procrank dumpstate:unix_stream_socket { read write getattr }; |
| Nick Kralevich | a191398 | 2015-03-19 09:35:31 -0700 | [diff] [blame] | 12 | r_dir_file(procrank, domain) |
| Nick Kralevich | fa281f5 | 2015-03-19 11:18:03 -0700 | [diff] [blame] | 13 | allow procrank { shell dumpstate }:fd use; |
| Nick Kralevich | a191398 | 2015-03-19 09:35:31 -0700 | [diff] [blame] | 14 | allow procrank adbd:process sigchld; |
| Jeff Vander Stoep | 099d632 | 2015-07-10 11:13:16 -0700 | [diff] [blame] | 15 | # allow procrank write to bugreport. |
| 16 | allow procrank shell_data_file:file w_file_perms; |
| Nick Kralevich | a191398 | 2015-03-19 09:35:31 -0700 | [diff] [blame] | 17 | ') |