Explicitly added permissions that were previously granted through domain_deprecated. BUG: 25965160 Change-Id: I586d082ef5fe49079cb0c4056f8e7b34fae48c03

commit: 15a1e0d41a644a283a1b71e8807b5c64da879659 [log] [tgz]
author: Felipe Leme <felipeal@google.com> Wed Dec 02 12:12:09 2015 -0800
committer: Felipe Leme <felipeal@google.com> Wed Dec 02 12:16:24 2015 -0800
tree: d250ded87181a21f20ecbe53b38e3322c112b88e
parent: 4367cf2d1e9b62b310a2187408afde0dee54897d [diff]
diff --git a/shell.te b/shell.te
index a02fbd0..a8089d6 100644
--- a/shell.te
+++ b/shell.te

@@ -71,6 +71,7 @@
 # Directory read access and file write access is already granted
 # in domain.te.
 allow shell debugfs:file r_file_perms;
+allow shell debugfs:dir search;
 allow shell atrace_exec:file rx_file_perms;
 
 userdebug_or_eng(`
@@ -113,3 +114,6 @@
 # bugs, so we want to ensure the shell user never has this
 # capability.
 neverallow shell file_type:file link;
+
+# Allow access to ion memory allocation device.
+allow shell ion_device:chr_file { open read };
commit	15a1e0d41a644a283a1b71e8807b5c64da879659	[log] [tgz]
author	Felipe Leme <felipeal@google.com>	Wed Dec 02 12:12:09 2015 -0800
committer	Felipe Leme <felipeal@google.com>	Wed Dec 02 12:16:24 2015 -0800
tree	d250ded87181a21f20ecbe53b38e3322c112b88e
parent	4367cf2d1e9b62b310a2187408afde0dee54897d [diff]