Closed slifox closed 8 years ago
I'll need a function for "full dir/symlink/file read/write access to X context".
Ok for shell_data_file access. Ok for ps stuff. I think for ps stuff I need read access to all domains, I'll check.
I think /sdcard's context is not so easy, I've seen it depending on the OEM. I'll also grant write access to /sdcard, and also to the underlying sdcard (i.e. before the sdcard daemon).
What's left (sys_admin, mounton system_file, remounting) is way too dangerous. I don't think there is any use in having such capabilities without having full SELinux rights (i.e. permissive mode).
Added "levels". The too dangerous things are in L8/L9, only enabled in eng mode.
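As an added example (not part of the original thread and not the project's own code), the following triages AVC denials along the split described in the comments above: sys_admin, mounton on system_file, and remounting are set aside as eng-only, while everything else is left for normal review. The `su` source domain, the sample log lines, and the mapping of those three items to SELinux class/permission pairs are assumptions of this example.

```python
import re

# Items the comment above calls too dangerous outside permissive/eng mode.
# Their mapping to (class, permission) pairs is an assumption of this example,
# using standard SELinux class names.
ENG_ONLY = {
    ("capability", "sys_admin"),
    ("dir", "mounton"),
    ("filesystem", "remount"),
}

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

# Constructed sample denials; not taken from the thread.
SAMPLE_LOG = """\
avc: denied { read open } for comm="sh" path="/data/local/tmp" scontext=u:r:su:s0 tcontext=u:object_r:shell_data_file:s0 tclass=dir permissive=0
avc: denied { sys_admin } for comm="mount" capability=21 scontext=u:r:su:s0 tcontext=u:r:su:s0 tclass=capability permissive=0
avc: denied { mounton } for comm="mount" path="/system" scontext=u:r:su:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
avc: denied { remount } for comm="mount" scontext=u:r:su:s0 tcontext=u:object_r:labeledfs:s0 tclass=filesystem permissive=0
avc: denied { read } for comm="app" scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=0
"""

def context_type(context):
    """Return the type field of a user:role:type:level context string."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def triage(log_text, source_type="su"):
    """Split denials for source_type into (eng_only, review) rule tuples."""
    eng_only, review = set(), set()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or context_type(m["scontext"]) != source_type:
            continue  # not an AVC denial, or a different source domain
        target = context_type(m["tcontext"])
        for perm in m["perms"].split():
            # mounton is only called out for system_file in the thread.
            dangerous = (m["tclass"], perm) in ENG_ONLY and (
                perm != "mounton" or target == "system_file")
            (eng_only if dangerous else review).add((target, m["tclass"], perm))
    return sorted(eng_only), sorted(review)

if __name__ == "__main__":
    for label, rules in zip(("eng-only", "review"), triage(SAMPLE_LOG)):
        print(label, rules)
```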
These permissions are required for various manual use of a root shell (e.g. 'su' from 'adb shell'):
Access to /data/local/tmp -- this is used immediately after running 'su', but it can also be a convenient place to store temp files while working:
Access to /proc for 'ps', among other things:
Access to /sdcard (which is often a symlink to the actual mountpoint):
Mounting ("ioctl" is likely needed on the mount source, also):
Unmounting:
Remounting (e.g. mount -o remount,rw /system):