1 typeattribute shell coredomain; 2 3 # allow shell input injection 4 allow shell uhid_device:chr_file rw_file_perms; 5 6 # systrace support - allow atrace to run 7 allow shell debugfs_tracing:dir r_dir_perms; 8 allow shell debugfs_tracing:file rw_file_perms; 9 allow shell debugfs_trace_marker:file getattr; 10 allow shell atrace_exec:file rx_file_perms; 11 12 # read config.gz for CTS purposes 13 allow shell config_gz:file r_file_perms; 14 15 userdebug_or_eng(` 16 allow shell debugfs_tracing_debug:file rw_file_perms; 17 ') 18 19 # Run app_process. 20 # XXX Transition into its own domain? 21 app_domain(shell) 22 23 # allow shell to call dumpsys storaged 24 binder_call(shell, storaged) 25 26 # Perform SELinux access checks, needed for CTS 27 selinux_check_access(shell) 28 selinux_check_context(shell) 29
