Merge "Support run-as and ndk-gdb functionality."
diff --git a/adbd.te b/adbd.te
index 84d1c2b..6adba83 100644
--- a/adbd.te
+++ b/adbd.te
@@ -13,3 +13,12 @@
 # Allow access in case /data/misc/adb still has the old type.
 allow adbd system_data_file:dir search;
 allow adbd system_data_file:file r_file_perms;
+
+# ndk-gdb invokes adb forward to forward the gdbserver socket.
+allow adbd app_data_file:dir search;
+allow adbd app_data_file:sock_file write;
+allow adbd appdomain:unix_stream_socket connectto;
+
+# ndk-gdb invokes adb pull of app_process, linker, and libc.so.
+allow adbd zygote_exec:file r_file_perms;
+allow adbd system_file:file r_file_perms;
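Review bot: `allow adbd appdomain:unix_stream_socket connectto;` on line 14 grants adbd connect access to the stream sockets of every app domain, not only the gdbserver socket the comment on line 11 names; since gdbserver appears to run in the app's own domain there may be no narrower type to use, but the comment should record that. Suggest `# gdbserver has no domain of its own, so this covers every appdomain socket, not just gdbserver's.` The `system_file:file r_file_perms` rule on line 18 likewise presumably reaches well beyond linker and libc.so; stating that the breadth is deliberate in the comment on line 16 avoids a later reviewer re-scoping it by surprise.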
diff --git a/app.te b/app.te
index cf918a1..5cef948 100644
--- a/app.te
+++ b/app.te
@@ -13,12 +13,25 @@
 # Receive and use open file descriptors inherited from zygote.
 allow appdomain zygote:fd use;
 
+# gdbserver for ndk-gdb reads the zygote.
+allow appdomain zygote_exec:file r_file_perms;
+
+# gdbserver for ndk-gdb ptrace attaches to app process.
+allow appdomain self:process ptrace;
+
 # Read system properties managed by zygote.
 allow appdomain zygote_tmpfs:file read;
 
 # Notify zygote of death;
 allow appdomain zygote:process sigchld;
 
+# Notify shell and adbd of death when spawned via runas for ndk-gdb.
+allow appdomain shell:process sigchld;
+allow appdomain adbd:process sigchld;
+
+# child shell or gdbserver pty access for runas.
+allow appdomain devpts:chr_file { getattr read write ioctl };
+
 # Communicate with system_server.
 allow appdomain system_server:fifo_file rw_file_perms;
 allow appdomain system_server:unix_stream_socket { read write setopt };
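Review bot: `allow appdomain self:process ptrace;` on line 31 permits any process in an app domain to ptrace any other process running in the same context, not only the gdbserver-to-app pair the comment on line 30 describes, because gdbserver has no separate domain. If that is the accepted trade-off, the comment should say so, e.g. `# No separate gdbserver domain exists, so this permits ptrace between any two processes sharing an app context.` The devpts rule on line 44 also grants getattr where the runas.te hunk grants only read/write/ioctl; worth confirming the asymmetry is intended.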
@@ -41,7 +54,7 @@
 
 # lib subdirectory of /data/data dir is system-owned.
 allow appdomain system_data_file:dir r_dir_perms;
-allow appdomain system_data_file:file { execute open };
+allow appdomain system_data_file:file { execute execute_no_trans open };
 
 # Execute the shell or other system executables.
 allow appdomain shell_exec:file rx_file_perms;
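Review bot: The added `execute_no_trans` on line 54 is what lets a process in an app domain execute a system_data_file binary (such as a gdbserver placed in the app's lib directory) without a domain transition, but the surrounding comment on line 51 still only explains ownership of the lib directory. Suggest adding `# execute_no_trans: ndk-gdb runs gdbserver from the app's lib dir in the app's own domain.` so the reach of the rule is visible. Note that the rule applies to every appdomain, not only apps being debugged.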
diff --git a/runas.te b/runas.te
index 6446a9e..c789b14 100644
--- a/runas.te
+++ b/runas.te
@@ -1,6 +1,25 @@
-type runas, domain;
+type runas, domain, mlstrustedsubject;
+permissive runas;
 type runas_exec, exec_type, file_type;
-unconfined_domain(runas)
 
 # ndk-gdb invokes adb shell run-as.
 domain_auto_trans(shell, runas_exec, runas)
+allow runas adbd:process sigchld;
+allow runas shell:fd  use;
+allow runas devpts:chr_file { read write ioctl };
+
+# run-as reads package information.
+allow runas system_data_file:file r_file_perms;
+
+# run-as checks and changes to the app data dir.
+dontaudit runas self:capability dac_override;
+allow runas app_data_file:dir { getattr search };
+
+# run-as switches to the app UID/GID.
+allow runas self:capability { setuid setgid };
+
+# run-as switches to the app security context.
+# read /seapp_contexts and /data/security/seapp_contexts
+security_access_policy(runas)
+selinux_check_context(runas) # validate context
+allow runas non_system_app_set:process dyntransition; # setcon
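Review bot: `permissive runas;` on line 65 means denials for this domain are logged but not enforced, so the allow rules that follow (and the dontaudit on line 79) currently only shape audit output rather than confine run-as; dropping unconfined_domain on line 67 therefore does not yet reduce what run-as can do. If permissive is a transitional step while this rule set is validated, a comment should say so and name the exit condition, e.g. `# TODO: drop 'permissive' once run-as/ndk-gdb use shows no remaining denials.` The dyntransition rule on line 89 lets run-as setcon into any non_system_app_set domain; that looks necessary for the use case but is the broadest grant in the file and deserves an explicit note rather than only the trailing `# setcon`.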
diff --git a/shell.te b/shell.te
index 032f70f..17031b9 100644
--- a/shell.te
+++ b/shell.te
@@ -9,3 +9,12 @@
 
 # shell is also permissive to permit setenforce.
 permissive shell;
+
+# ndk-gdb invokes adb shell ps to find the app PID.
+r_dir_file(shell, non_system_app_set)
+
+# ndk-gdb invokes adb shell ls to check the app data dir.
+allow shell app_data_file:dir search;
+
+# ndk-gdb invokes adb shell kill -9 to kill the gdbserver.
+allow shell non_system_app_set:process sigkill;
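Review bot: The `sigkill` rule on line 106 has no counterpart in the shell_user.te hunk (lines 116-120), which receives only the ps and ls rules; shell.te is declared permissive on line 97, so the rules here only affect audit output, while in shell_user.te (presumably the enforced variant) they matter, and `adb shell kill -9` of gdbserver would be denied there if ndk-gdb is expected to work on that configuration. If the omission is intentional, a comment in shell_user.te saying so would stop it being read as an oversight; otherwise add `allow shell non_system_app_set:process sigkill;` to shell_user.te as well.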
diff --git a/shell_user.te b/shell_user.te
index 8b51003..1eccbd6 100644
--- a/shell_user.te
+++ b/shell_user.te
@@ -6,3 +6,9 @@
 # Run app_process.
 # XXX Split into its own domain?
 app_domain(shell)
+
+# ndk-gdb invokes adb shell ps to find the app PID.
+r_dir_file(shell, non_system_app_set)
+
+# ndk-gdb invokes adb shell ls to check the app data dir.
+allow shell app_data_file:dir search;