Lines Matching full:shell
1 typeattribute shell coredomain, mlstrustedsubject;
3 # allow shell input injection
# NOTE(review): the grant is on the uhid node only. Writing to existing
# input_device nodes is ruled out by the neverallow on
# input_device:chr_file no_w_file_perms further down - see b/30861057 there.
4 allow shell uhid_device:chr_file rw_file_perms;
7 allow shell debugfs_tracing_debug:dir r_dir_perms;
8 allow shell debugfs_tracing:dir r_dir_perms;
9 allow shell debugfs_tracing:file rw_file_perms;
10 allow shell debugfs_trace_marker:file getattr;
11 allow shell atrace_exec:file rx_file_perms;
14 allow shell debugfs_tracing_debug:file rw_file_perms;
18 allow shell config_gz:file r_file_perms;
21 allow shell tombstone_data_file:dir r_dir_perms;
22 allow shell tombstone_data_file:file r_file_perms;
26 app_domain(shell)
28 # allow shell to call dumpsys storaged
29 binder_call(shell, storaged)
32 selinux_check_access(shell)
33 selinux_check_context(shell)
37 unix_socket_connect(shell, traced_consumer, traced)
39 # Allow shell binaries to write trace data to Perfetto. Used for testing and
41 perfetto_producer(shell)
43 domain_auto_trans(shell, vendor_shell_exec, vendor_shell)
45 # Allow shell to execute tradeinmode for testing.
46 domain_auto_trans(shell, tradeinmode_exec, tradeinmode)
48 # Allow shell binaries to exec the perfetto cmdline util and have that
51 domain_auto_trans(shell, perfetto_exec, perfetto)
53 allow shell perfetto:process signal;
55 # Allow shell to run adb shell cmd stats commands. Needed for CTS.
56 binder_call(shell, statsd);
58 # Allow shell to read and unlink traces stored in /data/misc/a11ytraces.
60 allow shell accessibility_trace_data_file:dir rw_dir_perms;
61 allow shell accessibility_trace_data_file:file { r_file_perms unlink };
64 # Allow shell to read and unlink traces stored in /data/misc/perfetto-traces.
65 allow shell perfetto_traces_data_file:dir rw_dir_perms;
66 allow shell perfetto_traces_data_file:file { r_file_perms unlink };
68 allow shell perfetto_traces_bugreport_data_file:dir rw_dir_perms;
69 allow shell perfetto_traces_bugreport_data_file:file { r_file_perms unlink };
71 # Allow shell to create/remove configs stored in /data/misc/perfetto-configs.
72 allow shell perfetto_configs_data_file:dir rw_dir_perms;
73 allow shell perfetto_configs_data_file:file create_file_perms;
75 # Allow shell to run adb shell cmd gpu commands.
76 binder_call(shell, gpuservice);
78 # Allow shell to use atrace HAL
79 hal_client_domain(shell, hal_atrace)
82 allow shell proc_net_tcp_udp:file r_file_perms;
86 allow shell system_linker_exec:file rx_file_perms;
90 allow shell rs_exec:file rx_file_perms;
94 allow shell dex2oat_exec:file rx_file_perms;
95 allow shell dex2oat_exec:lnk_file read;
97 # Allow shell to start and communicate with lpdumpd.
98 set_prop(shell, lpdumpd_prop);
99 binder_call(shell, lpdumpd)
101 # Allow shell to set and read value of properties used for CTS tests of
103 set_prop(shell, userspace_reboot_test_prop)
105 # Allow shell to set this property to disable charging.
106 set_prop(shell, power_debug_prop)
108 # Allow shell to set this property used for rollback tests
109 set_prop(shell, rollback_test_prop)
111 # Allow shell to set RKP properties for testing purposes
112 set_prop(shell, remote_prov_prop)
114 # Allow shell to enable 16 KB backcompat globally.
115 set_prop(shell, bionic_linker_16kb_app_compat_prop)
117 # Allow shell to disable compat in package manager
118 set_prop(shell, pm_16kb_app_compat_prop)
120 # Allow shell to get encryption policy of /data/local/tmp/, for CTS
121 allowxperm shell shell_data_file:dir ioctl {
126 # Allow shell to execute simpleperf without a domain transition.
127 allow shell simpleperf_exec:file rx_file_perms;
130 # Allow shell to execute profcollectctl without a domain transition.
131 allow shell profcollectd_exec:file rx_file_perms;
133 # Allow shell to read profcollectd data files.
134 r_dir_file(shell, profcollectd_data_file)
137 allow shell profcollectd:binder call;
140 # Allow shell to run remount command.
141 allow shell remount_exec:file rx_file_perms;
143 # Allow shell to call perf_event_open for profiling other shell processes, but
# NOTE(review): the rest of this comment is not among the matched lines. The
# target is self so the grant covers perf events within the shell domain. The
# neverallow on self:perf_event later in this file denies every permission
# outside this same set of four.
145 allow shell self:perf_event { open read write kernel };
147 # Allow shell to read microdroid vendor image
148 r_dir_file(shell, vendor_microdroid_file)
150 # Allow shell to read /apex/apex-info-list.xml and the vendor apexes
151 allow shell apex_info_file:file r_file_perms;
152 allow shell vendor_apex_file:file r_file_perms;
153 allow shell vendor_apex_file:dir r_dir_perms;
154 allow shell vendor_apex_metadata_file:dir r_dir_perms;
156 # Allow shell to read updated APEXes under /data/apex
157 allow shell apex_data_file:dir search;
158 allow shell staging_data_file:file r_file_perms;
161 set_prop(shell, shell_prop)
162 set_prop(shell, ctl_bugreport_prop)
163 set_prop(shell, ctl_dumpstate_prop)
164 set_prop(shell, dumpstate_prop)
165 set_prop(shell, exported_dumpstate_prop)
166 set_prop(shell, debug_prop)
167 set_prop(shell, perf_drop_caches_prop)
168 set_prop(shell, powerctl_prop)
169 set_prop(shell, log_tag_prop)
170 set_prop(shell, wifi_log_prop)
171 # Allow shell to start/stop traced via the persist.traced.enable
173 set_prop(shell, traced_enabled_prop)
175 set_prop(shell, logd_auditrate_prop)
# NOTE(review): rules wrapped in userdebug_or_eng are built only into
# userdebug and eng policy. set_prop lines without the wrapper are part of
# user build policy as well.
177 userdebug_or_eng(`set_prop(shell, log_prop)')
179 userdebug_or_eng(`set_prop(shell, logpersistd_logging_prop)')
180 # Allow shell to start/stop heapprofd via the persist.heapprofd.enable
182 set_prop(shell, heapprofd_enabled_prop)
183 # Allow shell to start/stop traced_perf via the persist.traced_perf.enable
185 set_prop(shell, traced_perf_enabled_prop)
186 # Allow shell to start/stop gsid via ctl.start|stop|restart gsid.
187 set_prop(shell, ctl_gsid_prop)
188 set_prop(shell, ctl_snapuserd_prop)
189 # Allow shell to start/stop prefetch
190 set_prop(shell, ctl_prefetch_prop)
191 # Allow shell to enable Dynamic System Update
192 set_prop(shell, dynamic_system_prop)
193 # Allow shell to mock an OTA using persist.pm.mock-upgrade
194 set_prop(shell, mock_ota_prop)
197 get_prop(shell, serialno_prop)
199 # Allow shell to read the vendor security patch level for CTS
200 get_prop(shell, vendor_security_patch_level_prop)
203 get_prop(shell, device_logging_prop)
206 get_prop(shell, bootloader_boot_reason_prop)
207 get_prop(shell, last_boot_reason_prop)
208 get_prop(shell, system_boot_reason_prop)
210 # Allow shell to execute the remote key provisioning factory tool
211 binder_call(shell, hal_keymint)
212 # Allow shell to run the AVF RKP HAL during the execution of the remote key
216 binder_call(shell, virtualizationservice)
217 # Allow the shell to inspect whether AVF remote attestation is supported
219 get_prop(shell, avf_virtualizationservice_prop)
222 get_prop(shell, init_perf_lsm_hooks_prop)
224 # Allow shell to read boot image timestamps and fingerprints.
225 get_prop(shell, build_bootimage_prop)
227 # Allow shell to read odsign verification properties
228 get_prop(shell, odsign_prop)
230 userdebug_or_eng(`set_prop(shell, persist_debug_prop)')
232 # Allow shell to read the keystore key contexts files. Used by native tests to test label lookup.
233 allow shell keystore2_key_contexts_file:file r_file_perms;
235 # Allow shell to access the keystore2_key namespace shell_key. Mainly used for native tests.
# NOTE(review): scoped to the shell_key label and to the five permissions
# listed in the rule.
236 allow shell shell_key:keystore2_key { delete rebind use get_info update };
238 # Allow shell to open and execute memfd files for minijail unit tests.
# NOTE(review): execute_no_trans means the file is executed without leaving
# the shell domain. Original line 239 is not among the matched lines.
240 allow shell appdomain_tmpfs:file { open execute_no_trans };
243 # Allow shell to write db.log.detailed, db.log.slow_query_threshold*
244 set_prop(shell, sqlite_log_prop)
246 # Allow shell to write MTE properties even on user builds.
# NOTE(review): there is no userdebug_or_eng wrapper on these rules so
# production policy carries them too. When threat modelling adb access
# assume it can write these MTE properties.
247 set_prop(shell, arm64_memtag_prop)
248 set_prop(shell, permissive_mte_prop)
250 # Allow shell to write kcmdline properties even on user builds.
# NOTE(review): same as above - unwrapped and therefore present on user builds.
251 set_prop(shell, kcmdline_prop)
253 # Allow shell to read the dm-verity props on user builds.
254 get_prop(shell, verity_status_prop)
256 # Allow shell to read Virtual A/B related properties
257 get_prop(shell, virtual_ab_prop)
260 read_fstab(shell)
262 # Allow shell read access to /apex/apex-info-list.xml for CTS.
263 allow shell apex_info_file:file r_file_perms;
265 # Let the shell user call virtualizationservice (and
266 # virtualizationservice call back to shell) for debugging.
267 virtualizationservice_use(shell)
269 # Allow shell to set persist.wm.debug properties
270 userdebug_or_eng(`set_prop(shell, persist_wm_debug_prop)')
272 # Allow shell to write GWP-ASan properties even on user builds.
273 set_prop(shell, gwp_asan_prop)
275 # Allow shell to set persist.sysui.notification.builder_extras_override property
276 userdebug_or_eng(`set_prop(shell, persist_sysui_builder_extras_prop)')
277 # Allow shell to set persist.sysui.notification.ranking_update_ashmem property
278 userdebug_or_eng(`set_prop(shell, persist_sysui_ranking_update_prop)')
280 # Allow shell to read the build properties for attestation feature
281 get_prop(shell, build_attestation_prop)
283 # Allow shell to execute oatdump.
285 allow shell oatdump_exec:file rx_file_perms;
288 net_domain(shell)
291 read_logd(shell)
292 control_logd(shell)
293 get_prop(shell, logd_prop)
295 allow shell pstorefs:dir search;
296 allow shell pstorefs:file r_file_perms;
299 allow shell rootfs:dir r_dir_perms;
302 allow shell anr_data_file:dir r_dir_perms;
303 allow shell anr_data_file:file r_file_perms;
306 allow shell shell_data_file:dir create_dir_perms;
307 allow shell shell_data_file:file create_file_perms;
308 allow shell shell_data_file:file rx_file_perms;
309 allow shell shell_data_file:lnk_file create_file_perms;
312 allow shell shell_test_data_file:dir create_dir_perms;
313 allow shell shell_test_data_file:file create_file_perms;
314 allow shell shell_test_data_file:file rx_file_perms;
315 allow shell shell_test_data_file:lnk_file create_file_perms;
316 allow shell shell_test_data_file:sock_file create_file_perms;
319 allow shell trace_data_file:file { r_file_perms unlink };
320 allow shell trace_data_file:dir { r_dir_perms remove_name write };
323 allow shell profman_dump_data_file:dir { write remove_name r_dir_perms };
324 allow shell profman_dump_data_file:file { unlink r_file_perms };
328 allow shell nativetest_data_file:dir r_dir_perms;
329 allow shell nativetest_data_file:file rx_file_perms;
333 unix_socket_connect(shell, dumpstate, dumpstate)
335 allow shell devpts:chr_file rw_file_perms;
336 allow shell tty_device:chr_file rw_file_perms;
337 allow shell console_device:chr_file rw_file_perms;
339 allow shell input_device:dir r_dir_perms;
340 allow shell input_device:chr_file r_file_perms;
342 r_dir_file(shell, system_file)
343 allow shell system_file:file x_file_perms;
344 allow shell toolbox_exec:file rx_file_perms;
345 allow shell shell_exec:file rx_file_perms;
346 allow shell zygote_exec:file rx_file_perms;
350 allow shell boottrace_data_file:dir rw_dir_perms;
351 allow shell boottrace_data_file:file create_file_perms;
354 # allow shell access to services
355 allow shell servicemanager:service_manager list;
356 # don't allow shell to access GateKeeper service
359 allow shell {
378 allow shell dumpstate:binder call;
380 # allow shell to get information from hwservicemanager
382 hwbinder_use(shell)
383 allow shell hwservicemanager:hwservice_manager list;
385 # allow shell to look through /proc/ for lsmod, ps, top, netstat, vmstat.
386 r_dir_file(shell, proc_net_type)
388 allow shell {
407 allow shell sysfs_net:dir r_dir_perms;
409 r_dir_file(shell, cgroup)
410 allow shell cgroup_desc_file:file r_file_perms;
411 allow shell vendor_cgroup_desc_file:file r_file_perms;
412 r_dir_file(shell, cgroup_v2)
413 allow shell domain:dir { search open read getattr };
414 allow shell domain:{ file lnk_file } { open read getattr };
418 allow shell { proc labeledfs }:filesystem getattr;
421 allow shell device:dir getattr;
423 # allow shell to read /proc/pid/attr/current for ps -Z
424 allow shell domain:process getattr;
427 allow shell selinuxfs:dir r_dir_perms;
428 allow shell selinuxfs:file r_file_perms;
430 # enable shell domain to read/write files/dirs for bootchart data
431 # User will create the start and stop files via adb shell
433 allow shell bootchart_data_file:dir rw_dir_perms;
434 allow shell bootchart_data_file:file create_file_perms;
436 # Make sure strace works for the non-privileged shell user
# NOTE(review): ptrace is granted on self only - that is on processes already
# running in the shell domain. No ptrace grant on another domain is among the
# matched lines.
437 allow shell self:process ptrace;
439 # allow shell to get battery info
440 allow shell sysfs:dir r_dir_perms;
441 allow shell sysfs_batteryinfo:dir r_dir_perms;
442 allow shell sysfs_batteryinfo:file r_file_perms;
445 allow shell sysfs_lru_gen_enabled:file r_file_perms;
449 allow shell vmlauncher_app_devpts:chr_file rw_file_perms;
450 allowxperm shell vmlauncher_app_devpts:chr_file ioctl unpriv_tty_ioctls;
454 allow shell { proc_dt_avf sysfs_dt_avf }:dir search;
457 allow shell ion_device:chr_file rw_file_perms;
463 allow shell dev_type:dir r_dir_perms;
464 allow shell dev_type:chr_file getattr;
467 allow shell proc:lnk_file getattr;
473 allow shell dev_type:blk_file getattr;
476 allow shell file_contexts_file:file r_file_perms;
477 allow shell property_contexts_file:file r_file_perms;
478 allow shell seapp_contexts_file:file r_file_perms;
479 allow shell service_contexts_file:file r_file_perms;
480 allow shell sepolicy_file:file r_file_perms;
482 # Allow shell to start up vendor shell
483 allow shell vendor_shell_exec:file rx_file_perms;
486 allow shell linux_vm_setup_exec:file { entrypoint r_file_perms };
489 allow shell tee_service_contexts_file:file r_file_perms;
490 allow shell test_pkvm_tee_service:tee_service use;
492 # Everything is labeled as rootfs in recovery mode. Allow shell to
495 allow shell rootfs:file rx_file_perms;
502 # Do not allow shell to talk directly to security HAL services other than
504 neverallow shell {
511 # Do not allow shell to hard link to any files.
512 # In particular, if shell hard links to app data
515 # bugs, so we want to ensure the shell user never has this
# NOTE(review): original lines 513-514 and 516 of this comment are not among
# the matched lines. The rule denies the link permission on files of any type
# that carries the file_type attribute.
517 neverallow shell file_type:file link;
520 neverallowxperm shell domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
522 # limit shell access to sensitive char drivers to
524 neverallow shell {
530 # Limit shell to only getattr on blk devices for host side tests.
531 neverallow shell dev_type:blk_file ~getattr;
533 # b/30861057: Shell access to existing input devices is an abuse
534 # vector. The shell user can inject events that look like they
538 # their stress tests, and the input command (adb shell input ...) for
# NOTE(review): original lines 535-537 and 539 of this comment are not among
# the matched lines. This neverallow is the build-time backstop for the
# read-only input_device grant and the uhid_device grant earlier in this file.
540 neverallow shell input_device:chr_file no_w_file_perms;
# NOTE(review): mirrors the allow on self:perf_event - a rule granting any
# permission outside open read write kernel is rejected when policy is built.
542 neverallow shell self:perf_event ~{ open read write kernel };
# NOTE(review): no domain other than shell and init may be granted set on
# perf_drop_caches_prop and no domain other than shell init and dumpstate
# may be granted read on it.
545 neverallow { domain -shell -init } perf_drop_caches_prop:property_service set;
546 neverallow { domain -shell -init -dumpstate } perf_drop_caches_prop:file read;