platform_system_sepolicy/watchdogd.te

# watchdogd seclabel is specified in init.<board>.rc
type watchdogd, domain;
allow watchdogd rootfs:file { entrypoint r_file_perms };
allow watchdogd self:capability mknod;
allow watchdogd device:dir { add_name write remove_name };
allow watchdogd watchdog_device:chr_file rw_file_perms;
# because of /dev/__kmsg__ and /dev/__null__
write_klog(watchdogd)
type_transition watchdogd device:chr_file null_device "__null__";
allow watchdogd null_device:chr_file { create unlink };
watchdog security policy. Initial policy for software watchdog daemon which is started by init. Change-Id: I042a5b1698bf53ce2e50ea06851c374e5123ee2c Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil> 2012-12-03 12:07:45 +01:00			`# watchdogd seclabel is specified in init.<board>.rc`
			`type watchdogd, domain;`
Confine watchdogd, but leave it permissive for now. Change-Id: If2285e927cb886956b3314dd18384145a1ebeaa9 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2013-10-29 19:42:41 +01:00			`allow watchdogd rootfs:file { entrypoint r_file_perms };`
			`allow watchdogd self:capability mknod;`
			`allow watchdogd device:dir { add_name write remove_name };`
			`allow watchdogd watchdog_device:chr_file rw_file_perms;`
			`# because of /dev/__kmsg__ and /dev/__null__`
			`write_klog(watchdogd)`
			`type_transition watchdogd device:chr_file null_device "__null__";`
			`allow watchdogd null_device:chr_file { create unlink };`