1*e4a36f41SAndroid Build Coastguard Workeruserdebug_or_eng(` 2*e4a36f41SAndroid Build Coastguard Worker typeattribute su coredomain; 3*e4a36f41SAndroid Build Coastguard Worker 4*e4a36f41SAndroid Build Coastguard Worker domain_auto_trans(shell, su_exec, su) 5*e4a36f41SAndroid Build Coastguard Worker # Allow dumpstate to call su on userdebug / eng builds to collect 6*e4a36f41SAndroid Build Coastguard Worker # additional information. 7*e4a36f41SAndroid Build Coastguard Worker domain_auto_trans(dumpstate, su_exec, su) 8*e4a36f41SAndroid Build Coastguard Worker 9*e4a36f41SAndroid Build Coastguard Worker # Make sure that dumpstate runs the same from the "su" domain as 10*e4a36f41SAndroid Build Coastguard Worker # from the "init" domain. 11*e4a36f41SAndroid Build Coastguard Worker domain_auto_trans(su, dumpstate_exec, dumpstate) 12*e4a36f41SAndroid Build Coastguard Worker 13*e4a36f41SAndroid Build Coastguard Worker # Put the incident command into its domain so it is the same on user, userdebug and eng. 14*e4a36f41SAndroid Build Coastguard Worker domain_auto_trans(su, incident_exec, incident) 15*e4a36f41SAndroid Build Coastguard Worker 16*e4a36f41SAndroid Build Coastguard Worker # Put the odrefresh command into its domain. 17*e4a36f41SAndroid Build Coastguard Worker domain_auto_trans(su, odrefresh_exec, odrefresh) 18*e4a36f41SAndroid Build Coastguard Worker 19*e4a36f41SAndroid Build Coastguard Worker # Put the perfetto command into its domain so it is the same on user, userdebug and eng. 20*e4a36f41SAndroid Build Coastguard Worker domain_auto_trans(su, perfetto_exec, perfetto) 21*e4a36f41SAndroid Build Coastguard Worker 22*e4a36f41SAndroid Build Coastguard Worker # su is also permissive to permit setenforce. 23*e4a36f41SAndroid Build Coastguard Worker permissive su; 24*e4a36f41SAndroid Build Coastguard Worker 25*e4a36f41SAndroid Build Coastguard Worker app_domain(su) 26*e4a36f41SAndroid Build Coastguard Worker 27*e4a36f41SAndroid Build Coastguard Worker # Do not audit accesses to keystore2 namespace for the su domain. 28*e4a36f41SAndroid Build Coastguard Worker dontaudit su keystore2_key_type:{ keystore2 keystore2_key } *; 29*e4a36f41SAndroid Build Coastguard Worker 30*e4a36f41SAndroid Build Coastguard Worker') 31