1typeattribute shell coredomain; 2 3# allow shell input injection 4allow shell uhid_device:chr_file rw_file_perms; 5 6# systrace support - allow atrace to run 7allow shell debugfs_tracing:dir r_dir_perms; 8allow shell debugfs_tracing:file rw_file_perms; 9allow shell debugfs_trace_marker:file getattr; 10allow shell atrace_exec:file rx_file_perms; 11 12# read config.gz for CTS purposes 13allow shell config_gz:file r_file_perms; 14 15userdebug_or_eng(` 16 allow shell debugfs_tracing_debug:file rw_file_perms; 17') 18 19# Run app_process. 20# XXX Transition into its own domain? 21app_domain(shell) 22 23# allow shell to call dumpsys storaged 24binder_call(shell, storaged) 25 26# Perform SELinux access checks, needed for CTS 27selinux_check_access(shell) 28selinux_check_context(shell) 29