From 610653fe930d016e1d962661c4fcbe2a8747e5ac Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Mon, 23 Dec 2013 14:11:02 -0500
Subject: [PATCH] Run the console service shell in the shell domain.

This allows it to be permissive in userdebug/eng builds
but confined/enforcing in user builds.

Change-Id: Ie322eaa0acdbefea2de4e71ae386778c929d042b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 rootdir/init.rc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 9706c89b1..56e0d9227 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -431,6 +431,7 @@ service console /system/bin/sh
     disabled
     user shell
     group log
+    seclabel u:r:shell:s0
 
 on property:ro.debuggable=1
     start console