1typeattribute shell coredomain;
2
3# allow shell input injection
4allow shell uhid_device:chr_file rw_file_perms;
5
6# systrace support - allow atrace to run
7allow shell debugfs_tracing:dir r_dir_perms;
8allow shell debugfs_tracing:file rw_file_perms;
9allow shell debugfs_trace_marker:file getattr;
10allow shell atrace_exec:file rx_file_perms;
11
12# read config.gz for CTS purposes
13allow shell config_gz:file r_file_perms;
14
15userdebug_or_eng(`
16  allow shell debugfs_tracing_debug:file rw_file_perms;
17')
18
19# Run app_process.
20# XXX Transition into its own domain?
21app_domain(shell)
22
23# allow shell to call dumpsys storaged
24binder_call(shell, storaged)
25
26# Perform SELinux access checks, needed for CTS
27selinux_check_access(shell)
28selinux_check_context(shell)
29