1userdebug_or_eng(` 2 typeattribute su coredomain; 3 4 domain_auto_trans(shell, su_exec, su) 5 # Allow dumpstate to call su on userdebug / eng builds to collect 6 # additional information. 7 domain_auto_trans(dumpstate, su_exec, su) 8 9 # Make sure that dumpstate runs the same from the "su" domain as 10 # from the "init" domain. 11 domain_auto_trans(su, dumpstate_exec, dumpstate) 12 13 # Put the incident command into its domain so it is the same on user, userdebug and eng. 14 domain_auto_trans(su, incident_exec, incident) 15 16 # Put the odrefresh command into its domain. 17 domain_auto_trans(su, odrefresh_exec, odrefresh) 18 19 # Put the perfetto command into its domain so it is the same on user, userdebug and eng. 20 domain_auto_trans(su, perfetto_exec, perfetto) 21 22 # su is also permissive to permit setenforce. 23 permissive su; 24 25 app_domain(su) 26 27 # Do not audit accesses to keystore2 namespace for the su domain. 28 dontaudit su keystore2_key_type:{ keystore2 keystore2_key } *; 29 30') 31