# Domain for shell processes spawned by ADB or console service.
# The shell user is unprivileged but deliberately broad (debugging, tracing,
# bug reports, CTS). Everything granted below is a read/debug capability or a
# write confined to shell-owned or debug-only storage; the neverallow rules at
# the end bound what this domain may ever be granted, including by later edits.
type shell, domain, mlstrustedsubject;
type shell_exec, exec_type, file_type;

# Create and use network sockets.
net_domain(shell)

# Run app_process.
# XXX Transition into its own domain?
app_domain(shell)

# logcat
read_logd(shell)
control_logd(shell)
# logcat -L (directly, or via dumpstate)
allow shell pstorefs:dir search;
allow shell pstorefs:file r_file_perms;
# logpersistd (nee logcatd) files
# Read-only, and only on userdebug/eng builds.
userdebug_or_eng(`
  allow shell misc_logd_file:dir r_dir_perms;
  allow shell misc_logd_file:file r_file_perms;
')

# Root fs.
allow shell rootfs:dir r_dir_perms;

# read files in /data/anr
allow shell anr_data_file:dir r_dir_perms;
allow shell anr_data_file:file r_file_perms;

# Access /data/local/tmp.
# Note: this is both writable (create_*_perms) and executable (rx_file_perms)
# for shell, so it is the location from which shell-dropped binaries run.
allow shell shell_data_file:dir create_dir_perms;
allow shell shell_data_file:file create_file_perms;
allow shell shell_data_file:file rx_file_perms;
allow shell shell_data_file:lnk_file create_file_perms;

# Access /data/misc/profman.
# Deliberately narrow: shell may locate and delete dump files, but not read
# or create them.
allow shell profman_dump_data_file:dir { search getattr write remove_name };
allow shell profman_dump_data_file:file { getattr unlink };

# Read/execute files in /data/nativetest
# Debug builds only; no write access is granted here.
userdebug_or_eng(`
  allow shell nativetest_data_file:dir r_dir_perms;
  allow shell nativetest_data_file:file rx_file_perms;
')

# adb bugreport
unix_socket_connect(shell, dumpstate, dumpstate)

# Terminal and input devices for interactive sessions.
allow shell devpts:chr_file rw_file_perms;
allow shell tty_device:chr_file rw_file_perms;
allow shell console_device:chr_file rw_file_perms;
allow shell input_device:dir r_dir_perms;
allow shell input_device:chr_file rw_file_perms;
# Executables shell is allowed to run: system binaries, toolbox, other
# shell-labeled executables, and zygote (app_process).
r_dir_file(shell, system_file)
allow shell system_file:file x_file_perms;
allow shell toolbox_exec:file rx_file_perms;
allow shell shell_exec:file rx_file_perms;
allow shell zygote_exec:file rx_file_perms;

# Read installed APK files (read-only).
r_dir_file(shell, apk_data_file)

# Set properties.
# Each set_prop line grants write access to one property context; the
# log_prop writes are restricted to userdebug/eng builds.
set_prop(shell, shell_prop)
set_prop(shell, ctl_bugreport_prop)
set_prop(shell, ctl_dumpstate_prop)
set_prop(shell, dumpstate_prop)
set_prop(shell, debug_prop)
set_prop(shell, powerctl_prop)
set_prop(shell, log_tag_prop)
set_prop(shell, wifi_log_prop)
userdebug_or_eng(`set_prop(shell, log_prop)')

# systrace support - allow atrace to run
allow shell debugfs_tracing:dir r_dir_perms;
allow shell debugfs_tracing:file rw_file_perms;
allow shell debugfs_trace_marker:file getattr;
allow shell atrace_exec:file rx_file_perms;

userdebug_or_eng(`
  # "systrace --boot" support - allow boottrace service to run
  allow shell boottrace_data_file:dir rw_dir_perms;
  allow shell boottrace_data_file:file create_file_perms;
  set_prop(shell, persist_debug_prop)
')

# allow shell to run dmesg
allow shell kernel:system syslog_read;

# allow shell access to services
allow shell servicemanager:service_manager list;
# Shell may look up every service except the ones subtracted in the rule
# below: GateKeeper and netd. Keep this comment in sync with the exclusion
# list when adding or removing a service.
allow shell { service_manager_type -gatekeeper_service -netd_service }:service_manager find;

# allow shell to look through /proc/ for ps, top, netstat
r_dir_file(shell, proc)
r_dir_file(shell, proc_net)
allow shell proc_meminfo:file r_file_perms;
r_dir_file(shell, cgroup)
# Read-only view of every domain's /proc/<pid> entries (no write perms).
allow shell domain:dir { search open read getattr };
allow shell domain:{ file lnk_file } { open read getattr };

# statvfs() of /proc and other labeled filesystems
# (yaffs2, jffs2, ext2, ext3, ext4, xfs, btrfs, f2fs, squashfs)
allow shell { proc labeledfs }:filesystem getattr;

# stat() of /dev
allow shell device:dir getattr;

# allow shell to read /proc/pid/attr/current for ps -Z
allow shell domain:process getattr;

# Allow pulling the SELinux policy for CTS purposes
allow shell selinuxfs:dir r_dir_perms;
allow shell selinuxfs:file r_file_perms;

# enable shell domain to read/write files/dirs for bootchart data
# The user creates the start and stop files via adb shell
# and reads other files created by the init process under /data/bootchart
allow shell bootchart_data_file:dir rw_dir_perms;
allow shell bootchart_data_file:file create_file_perms;

# Make sure strace works for the non-privileged shell user
# Target is self: shell may only ptrace processes in its own domain.
allow shell self:process ptrace;

# allow shell to get battery info
allow shell sysfs_batteryinfo:file r_file_perms;
allow shell sysfs:dir r_dir_perms;

# Allow access to ion memory allocation device.
allow shell ion_device:chr_file rw_file_perms;

# Access to /data/media.
# This should be removed if sdcardfs is modified to alter the secontext for its
# accesses to the underlying FS.
allow shell media_rw_data_file:dir create_dir_perms;
allow shell media_rw_data_file:file create_file_perms;

###
### Neverallow rules
###
### These are policy-build-time assertions: if any rule anywhere in the policy
### would grant shell one of the accesses below, the policy fails to compile.

# Do not allow shell to hard link to any files.
# In particular, if shell hard links to app data
# files, installd will not be able to guarantee the deletion
# of the linked to file. Hard links also contribute to security
# bugs, so we want to ensure the shell user never has this
# capability.
neverallow shell file_type:file link;

# Do not allow privileged socket ioctl commands
# priv_sock_ioctls is defined elsewhere in the policy; this extended-permission
# rule covers ioctl on raw IP, TCP and UDP sockets in every domain.
neverallowxperm shell domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;