Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/policy/modules/contrib/android.if
diff options
context:
space:
mode:
Diffstat (limited to 'policy/modules/contrib/android.if')
-rw-r--r--policy/modules/contrib/android.if103
1 files changed, 103 insertions, 0 deletions
diff --git a/policy/modules/contrib/android.if b/policy/modules/contrib/android.if
new file mode 100644
index 00000000..a50093af
--- /dev/null
+++ b/policy/modules/contrib/android.if
@@ -0,0 +1,103 @@
+## <summary>Android development tools - adb, fastboot, android studio</summary>
+
+#######################################
+## <summary>
+## The role for using the android tools.
+## </summary>
+## <param name="role">
+## <summary>
+## The role associated with the user domain.
+## </summary>
+## </param>
+## <param name="domain">
+## <summary>
+## The user domain.
+## </summary>
+## </param>
+#
+interface(`android_role',`
+ gen_require(`
+ type android_tools_t;
+ type android_tools_exec_t;
+ type android_home_t;
+ type android_tmp_t;
+ type android_java_t;
+ type android_java_exec_t;
+ type android_sdk_t;
+ ')
+
+ role $1 types android_tools_t;
+ role $1 types android_java_t;
+
+ domtrans_pattern($2, android_tools_exec_t, android_tools_t)
+ domtrans_pattern($2, android_java_exec_t, android_java_t)
+
+ allow $2 android_tools_t:process { ptrace signal_perms };
+ allow $2 android_java_t:process { ptrace signal_perms noatsecure siginh rlimitinh };
+
+ manage_dirs_pattern($2, android_home_t, android_home_t)
+ manage_files_pattern($2, android_home_t, android_home_t)
+ manage_lnk_files_pattern($2, android_home_t, android_home_t)
+
+ list_dirs_pattern($2, android_sdk_t, android_sdk_t)
+ read_files_pattern($2, android_sdk_t, android_sdk_t)
+ read_lnk_files_pattern($2, android_sdk_t, android_sdk_t)
+
+ userdom_user_home_dir_filetrans($2, android_home_t, dir, ".android")
+ userdom_user_home_dir_filetrans($2, android_home_t, dir, ".AndroidStudioBeta")
+ userdom_user_home_dir_filetrans($2, android_home_t, dir, ".AndroidStudio")
+
+ manage_dirs_pattern($2, android_tmp_t, android_tmp_t)
+ manage_files_pattern($2, android_tmp_t, android_tmp_t)
+
+ allow $2 android_home_t:dir relabel_dir_perms;
+ allow $2 android_home_t:file relabel_file_perms;
+ allow $2 android_tools_exec_t:file relabel_file_perms;
+
+ ps_process_pattern($2, android_tools_t)
+ ps_process_pattern($2, android_java_t)
+
+ android_dbus_chat($2)
+')
+
+#########################################
+## <summary>
+## Execute the android tools commands in the
+## android tools domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+
+interface(`android_tools_domtrans',`
+ gen_require(`
+ type android_tools_t;
+ type android_tools_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ domtrans_pattern($1, android_tools_exec_t, android_tools_t)
+')
+
+#########################################
+## <summary>
+## Send and receive messages from the android java
+## domain over dbus.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`android_dbus_chat',`
+ gen_require(`
+ type android_java_t;
+ class dbus send_msg;
+ ')
+
+ allow $1 android_java_t:dbus send_msg;
+ allow android_java_t $1:dbus send_msg;
+')