blob: cc00e103bc3a2677520208b596057b18fc5dac13 [file] [log] [blame]
userdebug_or_eng(`
typeattribute su coredomain;
domain_auto_trans(shell, su_exec, su)
# Allow dumpstate to call su on userdebug / eng builds to collect
# additional information.
domain_auto_trans(dumpstate, su_exec, su)
# Make sure that dumpstate runs the same from the "su" domain as
# from the "init" domain.
domain_auto_trans(su, dumpstate_exec, dumpstate)
# Put the incident command into its domain so it is the same on user, userdebug and eng.
domain_auto_trans(su, incident_exec, incident)
# Put the odrefresh command into its domain.
domain_auto_trans(su, odrefresh_exec, odrefresh)
# Put the perfetto command into its domain so it is the same on user, userdebug and eng.
domain_auto_trans(su, perfetto_exec, perfetto)
# Put the virtmgr command into its domain.
domain_auto_trans(su, virtualizationmanager_exec, virtualizationmanager)
# su is also permissive to permit setenforce.
permissive su;
app_domain(su)
# Do not audit accesses to keystore2 namespace for the su domain.
dontaudit su keystore2_key_type:{ keystore2 keystore2_key } *;
# Allow root to set MTE permissive mode.
set_prop(su, permissive_mte_prop);
')