Blame - shell.te - fp2-dev/platform/external/sepolicy

blob: 4b4093dc22e3789954c8a0352f8118ee2dc197de [file] [log] [blame]

Stephen Smalley	b3cb969	2014-02-21 13:45:29 -0500	[diff] [blame]	1	# Domain for shell processes spawned by ADB or console service.
Stephen Smalley	42fb824	2014-06-11 07:10:09 -0400	[diff] [blame]	2	type shell, domain, mlstrustedsubject;
Stephen Smalley	0130154	2013-09-27 10:38:14 -0400	[diff] [blame]	3	type shell_exec, exec_type, file_type;
Stephen Smalley	2dd4e51	2012-01-04 12:33:27 -0500	[diff] [blame]	4
Stephen Smalley	396015c	2014-01-07 12:47:10 -0500	[diff] [blame]	5	# Create and use network sockets.
				6	net_domain(shell)
				7
Stephen Smalley	2dd4e51	2012-01-04 12:33:27 -0500	[diff] [blame]	8	# Run app_process.
Stephen Smalley	712ca0a	2013-10-23 13:25:53 -0400	[diff] [blame]	9	# XXX Transition into its own domain?
Stephen Smalley	2dd4e51	2012-01-04 12:33:27 -0500	[diff] [blame]	10	app_domain(shell)
Stephen Smalley	d99e6d5	2013-12-02 14:18:11 -0500	[diff] [blame]	11
Mark Salyzyn	34d32ea	2014-12-15 12:01:35 -0800	[diff] [blame]	12	# logcat
Mark Salyzyn	ad5315d	2014-03-17 13:00:38 -0700	[diff] [blame]	13	read_logd(shell)
				14	control_logd(shell)
Mark Salyzyn	34d32ea	2014-12-15 12:01:35 -0800	[diff] [blame]	15	# logcat -L (directly, or via dumpstate)
				16	allow shell pstorefs:dir search;
				17	allow shell pstorefs:file r_file_perms;
Mark Salyzyn	7e0838a	2015-05-26 15:12:45 -0700	[diff] [blame]	18	# logpersistd (nee logcatd) files
				19	allow shell misc_logd_file:dir r_dir_perms;
				20	allow shell misc_logd_file:file r_file_perms;
Mark Salyzyn	ad5315d	2014-03-17 13:00:38 -0700	[diff] [blame]	21
Nick Kralevich	4fd4a20	2014-06-05 13:27:44 -0700	[diff] [blame]	22	# read files in /data/anr
				23	allow shell anr_data_file:dir r_dir_perms;
				24	allow shell anr_data_file:file r_file_perms;
				25
Stephen Smalley	42fb824	2014-06-11 07:10:09 -0400	[diff] [blame]	26	# Access /data/local/tmp.
				27	allow shell shell_data_file:dir create_dir_perms;
				28	allow shell shell_data_file:file create_file_perms;
				29	allow shell shell_data_file:file rx_file_perms;
Brian Carlstrom	fc6214b	2014-12-09 23:49:31 -0800	[diff] [blame]	30	allow shell shell_data_file:lnk_file create_file_perms;
Stephen Smalley	42fb824	2014-06-11 07:10:09 -0400	[diff] [blame]	31
				32	# adb bugreport
				33	unix_socket_connect(shell, dumpstate, dumpstate)
				34
Stephen Smalley	42fb824	2014-06-11 07:10:09 -0400	[diff] [blame]	35	allow shell devpts:chr_file rw_file_perms;
				36	allow shell tty_device:chr_file rw_file_perms;
				37	allow shell console_device:chr_file rw_file_perms;
Stephen Smalley	a2e4e26	2014-06-11 12:09:15 -0400	[diff] [blame]	38	allow shell input_device:dir r_dir_perms;
Stephen Smalley	42fb824	2014-06-11 07:10:09 -0400	[diff] [blame]	39	allow shell input_device:chr_file rw_file_perms;
				40	allow shell system_file:file x_file_perms;
				41	allow shell shell_exec:file rx_file_perms;
				42	allow shell zygote_exec:file rx_file_perms;
				43
				44	r_dir_file(shell, apk_data_file)
				45
				46	# Set properties.
William Roberts	2f5a6a9	2015-05-04 18:22:45 -0700	[diff] [blame]	47	set_prop(shell, shell_prop)
				48	set_prop(shell, ctl_dumpstate_prop)
				49	set_prop(shell, debug_prop)
				50	set_prop(shell, powerctl_prop)
Stephen Smalley	42fb824	2014-06-11 07:10:09 -0400	[diff] [blame]	51
				52	# systrace support - allow atrace to run
				53	# debugfs doesn't support labeling individual files, so we have
				54	# to grant read access to all of /sys/kernel/debug.
				55	# Directory read access and file write access is already granted
				56	# in domain.te.
				57	allow shell debugfs:file r_file_perms;
				58
				59	# allow shell to run dmesg
				60	allow shell kernel:system syslog_read;
dcashman	0780f30	2014-12-30 15:21:50 -0800	[diff] [blame]	61
dcashman	5fef2de	2015-01-23 15:55:42 -0800	[diff] [blame]	62	# allow shell access to services
dcashman	0780f30	2014-12-30 15:21:50 -0800	[diff] [blame]	63	allow shell servicemanager:service_manager list;
Andres Morales	e207986	2015-04-03 16:46:33 -0700	[diff] [blame]	64	# don't allow shell to access GateKeeper service
				65	allow shell { service_manager_type -gatekeeper_service }:service_manager find;
dcashman	25fef2e	2015-01-16 13:39:59 -0800	[diff] [blame]	66
				67	# allow shell to look through /proc/ for ps, top
				68	allow shell domain:dir { search open read getattr };
				69	allow shell domain:{ file lnk_file } { open read getattr };
Yongqin Liu	cc38e6d	2014-12-05 13:40:22 +0800	[diff] [blame]	70
Stephen Smalley	d5892b4	2015-03-16 11:43:22 -0400	[diff] [blame]	71	# allow shell to read /proc/pid/attr/current for ps -Z
				72	allow shell domain:process getattr;
				73
Yongqin Liu	cc38e6d	2014-12-05 13:40:22 +0800	[diff] [blame]	74	# enable shell domain to read/write files/dirs for bootchart data
				75	# User will creates the start and stop file via adb shell
				76	# and read other files created by init process under /data/bootchart
				77	allow shell bootchart_data_file:dir rw_dir_perms;
				78	allow shell bootchart_data_file:file create_file_perms;
Nick Kralevich	e0c8da2	2015-04-16 08:43:10 -0700	[diff] [blame]	79
Jeff Vander Stoep	c47a11b	2016-01-05 13:16:34 -0800	[diff] [blame]	80	# only allow unprivileged socket ioctl commands
				81	allow shell self:{ rawip_socket tcp_socket udp_socket } unpriv_sock_ioctls;
				82
Nick Kralevich	e0c8da2	2015-04-16 08:43:10 -0700	[diff] [blame]	83	# Do not allow shell to hard link to any files.
				84	# In particular, if shell hard links to app data
				85	# files, installd will not be able to guarantee the deletion
				86	# of the linked to file. Hard links also contribute to security
				87	# bugs, so we want to ensure the shell user never has this
				88	# capability.
				89	neverallow shell file_type:file link;