diff options
author | Ricardo Cerqueira <cyanogenmod@cerqueira.org> | 2014-12-10 17:17:18 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@cyanogenmod.org> | 2014-12-10 17:19:14 +0000 |
commit | 7cd698341ffe2e58570a2448b033d3e78d3b5250 (patch) | |
tree | 84b983e2cf2e5e972a2400e3e8d22f74cb8394f2 /sepolicy/su.te | |
parent | 06ec5853f36138ffdadca3e577f251b0381f3777 (diff) | |
download | vendor_replicant-7cd698341ffe2e58570a2448b033d3e78d3b5250.zip vendor_replicant-7cd698341ffe2e58570a2448b033d3e78d3b5250.tar.gz vendor_replicant-7cd698341ffe2e58570a2448b033d3e78d3b5250.tar.bz2 |
Revert "SELinux: su: update policies"
This reverts commit 04fd9192b05ae2655560a444711fe8859430f439.
Change-Id: I69e51fb6c151a48972cf81947c1c59c6f26f60e9
Diffstat (limited to 'sepolicy/su.te')
-rw-r--r-- | sepolicy/su.te | 15 |
1 files changed, 1 insertions, 14 deletions
diff --git a/sepolicy/su.te b/sepolicy/su.te index 6b4b631..76e4176 100644 --- a/sepolicy/su.te +++ b/sepolicy/su.te @@ -46,9 +46,8 @@ userdebug_or_eng(` userdebug_or_eng(` typealias shell alias suclient; - # Translate user and platform apps to the shell domain when using su + # Translate user apps to the shell domain when using su domain_auto_trans(untrusted_app, su_exec, suclient) - domain_auto_trans(platform_app, su_exec, suclient) allow suclient sudaemon:unix_stream_socket { connectto read write setopt ioctl }; @@ -59,16 +58,4 @@ userdebug_or_eng(` allow system_app superuser_device:sock_file { read write create setattr unlink getattr }; allow system_app sudaemon:unix_stream_socket { connectto read write setopt ioctl }; allow system_app superuser_device:dir { create rw_dir_perms setattr unlink }; - - ## From external/sepolicy/domain.te adjusted from sudaemon - # Same as adbd rules above, except allow su to do the same thing - allow domain sudaemon:unix_stream_socket connectto; - allow domain sudaemon:fd use; - allow domain sudaemon:unix_stream_socket { getattr getopt read write shutdown }; - binder_call(domain, sudaemon) - # Running something like "pm dump com.android.bluetooth" requires - # fifo writes - allow domain sudaemon:fifo_file { write getattr }; - # allow "gdbserver --attach" to work for su. - allow domain sudaemon:process sigchld; ') |