blob: 17031b974f522f99dbf8c2f9cbcdeb7394e4c0a5 [file] [log] [blame]
# Domain for shell processes spawned by ADB
type shell, domain;
type shell_exec, exec_type, file_type;
unconfined_domain(shell)
# Run app_process.
# XXX Split into its own domain?
app_domain(shell)
# shell is also permissive to permit setenforce.
permissive shell;
# ndk-gdb invokes adb shell ps to find the app PID.
r_dir_file(shell, non_system_app_set)
# ndk-gdb invokes adb shell ls to check the app data dir.
allow shell app_data_file:dir search;
# ndk-gdb invokes adb shell kill -9 to kill the gdbserver.
allow shell non_system_app_set:process sigkill;