android10/system/sepolicy/private/runas_app.te

typeattribute runas_app coredomain;

app_domain(runas_app)
untrusted_app_domain(runas_app)
net_domain(runas_app)
bluetooth_domain(runas_app)

# The ability to call exec() on files in the apps home directories
# when using run-as on a debuggable app. Used to run lldb/ndk-gdb/simpleperf,
# which are copied to the apps home directories.
allow runas_app app_data_file:file execute_no_trans;

# Allow lldb/ndk-gdb/simpleperf to read maps of debuggable app processes.
r_dir_file(runas_app, untrusted_app_all)

# Allow lldb/ndk-gdb/simpleperf to ptrace attach to debuggable app processes.
allow runas_app untrusted_app_all:process { ptrace signal sigstop };
allow runas_app untrusted_app_all:unix_stream_socket connectto;