am 95c960de: am 274d2927: Clean up remaining denials.

* commit '95c960debc0afff3f81448126e649005e8fce60c': Clean up remaining denials.
2013-05-23 19:18:21 -07:00 · 2013-05-23 19:18:21 -07:00 · 0eed3476dc
commit 0eed3476dc
parent cdfcea9d8e 95c960debc
3 changed files with 3 additions and 2 deletions
--- a/tee.te
+++ b/tee.te
@ -7,5 +7,5 @@ type tee_device, dev_type;
 type tee_data_file, file_type, data_file_type;

 permissive tee;
-unconfined_domain(netd)
+unconfined_domain(tee)
 init_daemon_domain(tee)
--- a/unconfined.te
+++ b/unconfined.te
@ -14,7 +14,7 @@ allow unconfineddomain fs_type:filesystem *;
 allow unconfineddomain {fs_type dev_type file_type}:{ dir blk_file lnk_file sock_file fifo_file } *;
 allow unconfineddomain {fs_type dev_type file_type}:{ chr_file file } ~entrypoint;
 allow unconfineddomain node_type:node *;
-allow unconfineddomain node_type:{ tcp_socket udp_socket } node_bind;
+allow unconfineddomain node_type:{ tcp_socket udp_socket rawip_socket } node_bind;
 allow unconfineddomain netif_type:netif *;
 allow unconfineddomain port_type:socket_class_set name_bind;
 allow unconfineddomain port_type:{ tcp_socket dccp_socket } name_connect;
--- a/watchdogd.te
+++ b/watchdogd.te
@ -2,3 +2,4 @@
 type watchdogd, domain;
 permissive watchdogd;
 unconfined_domain(watchdogd)
+allow watchdogd rootfs:file entrypoint;