1typeattribute runas coredomain; 2 3# ndk-gdb invokes adb shell run-as. 4domain_auto_trans(shell, runas_exec, runas) 5 6allow runas adbd:fd use; 7allow runas adbd:process sigchld; 8allow runas adbd:unix_stream_socket { read write }; 9allow runas shell:fd use; 10allow runas shell:fifo_file { read write }; 11allow runas shell:unix_stream_socket { read write }; 12allow runas devpts:chr_file { read write ioctl }; 13allow runas shell_data_file:file { read write }; 14 15# run-as reads package information. 16allow runas system_data_file:file r_file_perms; 17allow runas system_data_file:lnk_file getattr; 18allow runas packages_list_file:file r_file_perms; 19 20# The app's data dir may be accessed through a symlink. 21allow runas system_data_file:lnk_file read; 22 23# run-as checks and changes to the app data dir. 24dontaudit runas self:global_capability_class_set { dac_override dac_read_search }; 25allow runas app_data_file:dir { getattr search }; 26 27# run-as switches to the app UID/GID. 28allow runas self:global_capability_class_set { setuid setgid }; 29 30# run-as switches to the app security context. 31selinux_check_context(runas) # validate context 32allow runas self:process setcurrent; 33allow runas non_system_app_set:process dyntransition; # setcon 34 35# runas/libselinux needs access to seapp_contexts_file to 36# determine which domain to transition to. 37allow runas seapp_contexts_file:file r_file_perms; 38 39### 40### neverallow rules 41### 42 43# run-as cannot have capabilities other than CAP_SETUID and CAP_SETGID 44neverallow runas self:global_capability_class_set ~{ setuid setgid }; 45neverallow runas self:global_capability2_class_set *; 46