# Domain for shell processes spawned by ADB or console service.
#
# This is the interactive/debug shell domain: it is what `adb shell` and the
# serial console run as, so every rule below is reachable by anyone holding a
# debug connection. Treat additions here as a direct expansion of the debug
# attack surface; permissions that are only needed by a single tool should be
# granted to that tool's own domain instead.
#
# `mlstrustedsubject` is the attribute the MLS constraints key on to exempt a
# subject, so this domain is not confined by MLS category checks.
type shell, domain, mlstrustedsubject;
# Label for the shell's own executable(s) (e.g. the entry point adbd/console execs).
type shell_exec, exec_type, file_type;

# Create and use network sockets.
net_domain(shell)

# Run app_process.
# XXX Transition into its own domain?
# NOTE(review): app_domain() is normally given to confined app domains; with it
# here, app_process started from the shell runs with the shell's own rights
# rather than a narrower app domain. Worth confirming this is still intended.
app_domain(shell)

# logcat
read_logd(shell)
# control_logd grants log-control operations (e.g. clearing buffers), not just reads.
control_logd(shell)
# logcat -L (directly, or via dumpstate): read the last kernel/pstore log.
allow shell pstorefs:dir search;
allow shell pstorefs:file r_file_perms;
# logpersistd (nee logcatd) files
allow shell misc_logd_file:dir r_dir_perms;
allow shell misc_logd_file:file r_file_perms;

# read files in /data/anr (ANR traces; read-only, no write or delete here)
allow shell anr_data_file:dir r_dir_perms;
allow shell anr_data_file:file r_file_perms;

# Access /data/local/tmp.
# Note that shell_data_file gets both create/write AND execute permission, and
# this file declares no domain transition for it: anything the shell can write
# under /data/local/tmp it can also execute in the shell domain itself. That is
# the intended debug workflow (push a binary, run it), but it means this
# domain's total permission set is what any such binary gets.
allow shell shell_data_file:dir create_dir_perms;
allow shell shell_data_file:file create_file_perms;
allow shell shell_data_file:file rx_file_perms;
allow shell shell_data_file:lnk_file create_file_perms;

# adb bugreport: connect to dumpstate's unix socket.
unix_socket_connect(shell, dumpstate, dumpstate)

# Terminal and input devices the interactive shell talks to.
allow shell devpts:chr_file rw_file_perms;
allow shell tty_device:chr_file rw_file_perms;
allow shell console_device:chr_file rw_file_perms;
allow shell input_device:dir r_dir_perms;
# rw on input devices lets the shell inject input events (e.g. for `input`/`sendevent`).
allow shell input_device:chr_file rw_file_perms;
# Execute system binaries and the shell's own executables without a domain
# transition (no type_transition is declared in this file), so they inherit
# the full shell permission set.
allow shell system_file:file x_file_perms;
allow shell shell_exec:file rx_file_perms;
# zygote_exec is app_process; see the app_domain() note above.
allow shell zygote_exec:file rx_file_perms;

# Read-only access to installed APKs (e.g. for `pm`/`aapt` style tooling).
r_dir_file(shell, apk_data_file)

# Set properties.
set_prop(shell, shell_prop)
# Triggers dumpstate via ctl.* properties.
set_prop(shell, ctl_dumpstate_prop)
set_prop(shell, debug_prop)
# NOTE(review): powerctl_prop presumably covers sys.powerctl (reboot/shutdown/
# bootloader requests) -- verify against property_contexts. If so, a debug
# shell can reboot the device, which matters if adb is ever reachable
# unauthenticated.
set_prop(shell, powerctl_prop)

# systrace support - allow atrace to run
# debugfs doesn't support labeling individual files, so we have
# to grant read access to all of /sys/kernel/debug.
# Directory read access and file write access is already granted
# in domain.te.
# This is therefore a read grant on every debugfs file, not just the tracing
# ones; anything a driver exposes under /sys/kernel/debug is readable here.
allow shell debugfs:file r_file_perms;

# allow shell to run dmesg
# NOTE(review): the kernel log may contain kernel pointers; this rule only
# covers the SELinux check, so whether addresses are masked still depends on
# the kernel's kptr_restrict/dmesg_restrict settings -- confirm those elsewhere.
allow shell kernel:system syslog_read;

# allow shell access to services
allow shell servicemanager:service_manager list;
# don't allow shell to access GateKeeper service
# This is a deny-list: every type carrying the service_manager_type attribute
# is findable by the shell EXCEPT gatekeeper_service, so any newly added
# service type becomes shell-reachable by default unless it is also
# subtracted here. Anyone adding a sensitive service should add it to this set.
allow shell { service_manager_type -gatekeeper_service }:service_manager find;

# allow shell to look through /proc/ for ps, top
# `domain` here is every process domain on the device, so this grants read
# access to the per-process /proc entries of all domains (e.g. maps, status,
# cmdline -- assuming the standard procfs layout), not only the shell's own.
# That is what ps/top need, but it is also an information-disclosure surface.
allow shell domain:dir { search open read getattr };
allow shell domain:{ file lnk_file } { open read getattr };

# allow shell to read /proc/pid/attr/current for ps -Z
# getattr only; no signal, ptrace or setattr on other domains is granted here.
allow shell domain:process getattr;

# enable shell domain to read/write files/dirs for bootchart data
# User will creates the start and stop file via adb shell
# and read other files created by init process under /data/bootchart
allow shell bootchart_data_file:dir rw_dir_perms;
allow shell bootchart_data_file:file create_file_perms;

# Do not allow shell to hard link to any files.
# In particular, if shell hard links to app data
# files, installd will not be able to guarantee the deletion
# of the linked to file. Hard links also contribute to security
# bugs, so we want to ensure the shell user never has this
# capability.
# neverallow is a build-time assertion: the policy compile fails if any rule
# (here or in another .te file) grants shell `link` on a file_type, so this
# cannot be silently undone by a later allow rule.
neverallow shell file_type:file link;