diff options
| author | alk3pInjection <webmaster@raspii.tech> | 2022-05-01 21:36:16 +0800 |
|---|---|---|
| committer | alk3pInjection <webmaster@raspii.tech> | 2022-05-01 21:36:16 +0800 |
| commit | 329b113bc1329f83fe1eecd32213435f8885ca71 (patch) | |
| tree | af249b7fce9300b5248cbffe94a08d48fb919f73 /private/shell.te | |
| parent | 18c07b58901c9d0e7fc0d908ed38146847bab5b3 (diff) | |
| parent | d7b93dbd049c0eacfb7ad14677457836c79b38f6 (diff) | |
Merge tag 'LA.QSSI.12.0.r1-06800-qssi.0' into sugisawa-mr1HEADsugisawa-mr1
"LA.QSSI.12.0.r1-06800-qssi.0"
Change-Id: I35dbb71151ce8b3bf68b425732a761532c638017
Diffstat (limited to 'private/shell.te')
| -rw-r--r-- | private/shell.te | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/private/shell.te b/private/shell.te index 40b19fde0..ba9e972a1 100644 --- a/private/shell.te +++ b/private/shell.te @@ -106,8 +106,16 @@ allowxperm shell shell_data_file:dir ioctl { # Allow shell to execute simpleperf without a domain transition. allow shell simpleperf_exec:file rx_file_perms; -# Allow shell to execute profcollectctl without a domain transition. -allow shell profcollectd_exec:file rx_file_perms; +userdebug_or_eng(` + # Allow shell to execute profcollectctl without a domain transition. + allow shell profcollectd_exec:file rx_file_perms; + + # Allow shell to read profcollectd data files. + r_dir_file(shell, profcollectd_data_file) + + # Allow to issue control commands to profcollectd binder service. + allow shell profcollectd:binder call; +') # Allow shell to call perf_event_open for profiling other shell processes, but # not the whole system. @@ -173,11 +181,6 @@ get_prop(shell, build_bootimage_prop) userdebug_or_eng(`set_prop(shell, persist_debug_prop)') -# Allow to issue control commands to profcollectd binder service. -userdebug_or_eng(` - allow shell profcollectd:binder call; -') - # Allow shell to read the keystore key contexts files. Used by native tests to test label lookup. allow shell keystore2_key_contexts_file:file r_file_perms; |