platform_system_sepolicy/public/keystore.te

35 lines
1 KiB
Text
Raw Normal View History

type keystore, domain;
2012-01-04 18:33:27 +01:00
type keystore_exec, exec_type, file_type;
# keystore daemon
typeattribute keystore mlstrustedsubject;
binder_use(keystore)
binder_service(keystore)
binder_call(keystore, system_server)
allow keystore keystore_data_file:dir create_dir_perms;
allow keystore keystore_data_file:notdevfile_class_set create_file_perms;
allow keystore keystore_exec:file { getattr };
add_service(keystore, keystore_service)
allow keystore sec_key_att_app_id_provider_service:service_manager find;
# Check SELinux permissions.
selinux_check_access(keystore)
r_dir_file(keystore, cgroup)
###
### Neverallow rules
###
### Protect ourself from others
###
neverallow { domain -keystore } keystore_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
neverallow { domain -keystore } keystore_data_file:notdevfile_class_set ~{ relabelto getattr };
neverallow { domain -keystore -init } keystore_data_file:dir *;
neverallow { domain -keystore -init } keystore_data_file:notdevfile_class_set *;
neverallow * keystore:process ptrace;