Merge "kernel: grant perms from domain_deprecated" am: e48ab7848d

am: d9fcee9ddc * commit 'd9fcee9ddca74ec3a6cce9dedb5932d8180fb10c': kernel: grant perms from domain_deprecated
2016-01-28 15:40:23 +00:00 · 2016-01-28 15:40:23 +00:00 · 1d7f15070f
commit 1d7f15070f
parent 4cfa4decc1 d9fcee9ddc
1 changed files with 9 additions and 0 deletions
--- a/kernel.te
+++ b/kernel.te
@ -3,6 +3,15 @@ type kernel, domain, domain_deprecated, mlstrustedsubject;

 allow kernel self:capability sys_nice;

+# Root fs.
+allow kernel rootfs:dir r_dir_perms;
+allow kernel rootfs:file r_file_perms;
+allow kernel rootfs:lnk_file r_file_perms;
+
+# Get SELinux enforcing status.
+allow kernel selinuxfs:dir r_dir_perms;
+allow kernel selinuxfs:file r_file_perms;
+
 # Allow init relabel itself.
 allow kernel rootfs:file relabelfrom;
 allow kernel init_exec:file relabelto;