type runas, domain, mlstrustedsubject; type runas_exec, exec_type, file_type; allow runas adbd:process sigchld; allow runas adbd:unix_stream_socket { read write }; allow runas shell:fd use; allow runas shell:fifo_file { read write }; allow runas shell:unix_stream_socket { read write }; allow runas devpts:chr_file { read write ioctl }; allow runas shell_data_file:file { read write }; # run-as reads package information. allow runas system_data_file:file r_file_perms; # run-as checks and changes to the app data dir. dontaudit runas self:capability dac_override; allow runas app_data_file:dir { getattr search }; # run-as switches to the app UID/GID. allow runas self:capability { setuid setgid }; # run-as switches to the app security context. selinux_check_context(runas) # validate context allow runas self:process setcurrent; allow runas non_system_app_set:process dyntransition; # setcon # runas/libselinux needs access to seapp_contexts_file to # determine which domain to transition to. allow runas seapp_contexts_file:file r_file_perms; ### ### neverallow rules ### # run-as cannot have capabilities other than CAP_SETUID and CAP_SETGID neverallow runas self:capability ~{ setuid setgid }; neverallow runas self:capability2 *;