Closed jnsc closed 7 years ago
Can you check if this works?
diff --git a/sepolicy/shell.te b/sepolicy/shell.te
index d7d7576..0d7719b 100644
--- a/sepolicy/shell.te
+++ b/sepolicy/shell.te
@@ -1 +1,3 @@
-allow shell su:process signal;
+userdebug_or_eng(`
+ allow shell su:process signal;
+')
@cmorlok was so kind to test if this file is needed at all. It is not needed, so the file can just be removed. See https://review.lineageos.org/#/c/172305/
Thanks a lot
Hi, ok, it's not really a bug but more a proposal of enhancement. One business application I'm using is trying to detect root using the root beer library https://github.com/scottyab/rootbeer which indicate that the device is rooted when ro.debuggable is set to 1. So I tried to build a user build myself, but to do so I had to remove the device/bq/msm8916-common/sepolicy/shell.te file, because it does a type enforcing of a type which is only defined if the build is an userdebug or engineering build. So I think the type enforcement should also happen also in this conditions (userdebug or engineering build). I really wanted to contribute a patch for this, but as for now I did not find where I could add an if for including or not this type enforcement.
Thanks. Do not hesitate If I need to provide more infos