1# Domain for shell processes spawned by ADB or console service.
2type shell, domain, mlstrustedsubject;
3type shell_exec, exec_type, file_type;
4
5# Create and use network sockets.
6net_domain(shell)
7
8# Run app_process.
9# XXX Transition into its own domain?
10app_domain(shell)
11
12# logcat
13read_logd(shell)
14control_logd(shell)
15# logcat -L (directly, or via dumpstate)
16allow shell pstorefs:dir search;
17allow shell pstorefs:file r_file_perms;
18# logpersistd (nee logcatd) files
19allow shell misc_logd_file:dir r_dir_perms;
20allow shell misc_logd_file:file r_file_perms;
21
22# read files in /data/anr
23allow shell anr_data_file:dir r_dir_perms;
24allow shell anr_data_file:file r_file_perms;
25
26# Access /data/local/tmp.
27allow shell shell_data_file:dir create_dir_perms;
28allow shell shell_data_file:file create_file_perms;
29allow shell shell_data_file:file rx_file_perms;
30allow shell shell_data_file:lnk_file create_file_perms;
31
32# adb bugreport
33unix_socket_connect(shell, dumpstate, dumpstate)
34
35allow shell devpts:chr_file rw_file_perms;
36allow shell tty_device:chr_file rw_file_perms;
37allow shell console_device:chr_file rw_file_perms;
38allow shell input_device:dir r_dir_perms;
39allow shell input_device:chr_file rw_file_perms;
40allow shell system_file:file x_file_perms;
41allow shell shell_exec:file rx_file_perms;
42allow shell zygote_exec:file rx_file_perms;
43
44r_dir_file(shell, apk_data_file)
45
46# Set properties.
47set_prop(shell, shell_prop)
48set_prop(shell, ctl_dumpstate_prop)
49set_prop(shell, debug_prop)
50set_prop(shell, powerctl_prop)
51
52# systrace support - allow atrace to run
53# debugfs doesn't support labeling individual files, so we have
54# to grant read access to all of /sys/kernel/debug.
55# Directory read access and file write access is already granted
56# in domain.te.
57allow shell debugfs:file r_file_perms;
58
59# allow shell to run dmesg
60allow shell kernel:system syslog_read;
61
62# allow shell access to services
63allow shell servicemanager:service_manager list;
64# don't allow shell to access GateKeeper service
65allow shell { service_manager_type -gatekeeper_service }:service_manager find;
66
67# allow shell to look through /proc/ for ps, top
68allow shell domain:dir { search open read getattr };
69allow shell domain:{ file lnk_file } { open read getattr };
70
71# allow shell to read /proc/pid/attr/current for ps -Z
72allow shell domain:process getattr;
73
74# enable shell domain to read/write files/dirs for bootchart data
75# User will creates the start and stop file via adb shell
76# and read other files created by init process under /data/bootchart
77allow shell bootchart_data_file:dir rw_dir_perms;
78allow shell bootchart_data_file:file create_file_perms;
79
80# Do not allow shell to hard link to any files.
81# In particular, if shell hard links to app data
82# files, installd will not be able to guarantee the deletion
83# of the linked to file. Hard links also contribute to security
84# bugs, so we want to ensure the shell user never has this
85# capability.
86neverallow shell file_type:file link;
87