Do not allow reading all directories for the CTS.
The test gracefully handles unreadable directories, so we do not need to allow this for all file types. Change-Id: Ib5f5be7cacc3f0270b72c046200cc3d21f3fc374 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Stephen Smalley
repo sync
parent
0e856a02cb
commit
a019e4f12f
1 changed files with 0 additions and 1 deletions
1
cts.te
1
cts.te
|
|
@ -16,7 +16,6 @@ dontaudit appdomain appdomain:dir r_dir_perms;
|
|||
dontaudit appdomain appdomain:file r_file_perms;
|
||||
|
||||
# Walk the file tree, stat any file.
|
||||
allow appdomain file_type:dir r_dir_perms;
|
||||
allow appdomain fs_type:dir r_dir_perms;
|
||||
allow appdomain dev_type:dir r_dir_perms;
|
||||
allow appdomain file_type:dir_file_class_set getattr;
|
||||
|
|
|
|||
Loading…
Reference in a new issue