tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Fix miscellaneous long-tail denials."

Browse source
This commit is contained in:
Geremy Condra 2013-09-04 23:26:12 +00:00 committed by Gerrit Code Review
commit 66826d5e15
2 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
installd.te
View file

@ -11,11 +11,12 @@ allow installd system_data_file:lnk_file create;
allow installd dalvikcache_data_file:file create_file_perms;
allow installd data_file_type:dir create_dir_perms;
allow installd data_file_type:dir { relabelfrom relabelto };
allow installd data_file_type:{ file lnk_file } { getattr unlink };
allow installd data_file_type:{ file lnk_file sock_file } { getattr unlink };
allow installd apk_data_file:file r_file_perms;
allow installd apk_tmp_file:file r_file_perms;
allow installd system_file:file x_file_perms;
allow installd cgroup:dir create_dir_perms;
allow installd download_file:dir { read getattr };
dontaudit installd self:capability sys_admin;
# Check validity of SELinux context before use.
selinux_check_context(installd)

2
zygote.te
View file

@ -5,7 +5,7 @@ type zygote_exec, exec_type, file_type;
init_daemon_domain(zygote)
typeattribute zygote mlstrustedsubject;
# Override DAC on files and switch uid/gid.
allow zygote self:capability { dac_override setgid setuid };
allow zygote self:capability { dac_override setgid setuid fowner };
# Drop capabilities from bounding set.
allow zygote self:capability setpcap;
# Switch SELinux context to app domains.