More MLS trusted subject/object annotations.
dumpstate and lmkd need to act on apps running at any level. Various file types need to be writable by apps running at any level. Change-Id: Idf574d96ba961cc110a48d0a00d30807df6777ba Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
parent
e7d136738f
commit
cbc5279a43
4 changed files with 15 additions and 15 deletions
10
device.te
10
device.te
|
@ -28,16 +28,16 @@ type nfc_device, dev_type;
|
|||
type ptmx_device, dev_type, mlstrustedobject;
|
||||
type kmsg_device, dev_type;
|
||||
type null_device, dev_type, mlstrustedobject;
|
||||
type random_device, dev_type;
|
||||
type random_device, dev_type, mlstrustedobject;
|
||||
type sensors_device, dev_type;
|
||||
type serial_device, dev_type;
|
||||
type socket_device, dev_type;
|
||||
type owntty_device, dev_type, mlstrustedobject;
|
||||
type tty_device, dev_type;
|
||||
type urandom_device, dev_type;
|
||||
type urandom_device, dev_type, mlstrustedobject;
|
||||
type video_device, dev_type;
|
||||
type vcs_device, dev_type;
|
||||
type zero_device, dev_type;
|
||||
type zero_device, dev_type, mlstrustedobject;
|
||||
type fuse_device, dev_type;
|
||||
type iio_device, dev_type;
|
||||
type ion_device, dev_type, mlstrustedobject;
|
||||
|
@ -47,8 +47,8 @@ type watchdog_device, dev_type;
|
|||
type uhid_device, dev_type;
|
||||
type uio_device, dev_type;
|
||||
type tun_device, dev_type, mlstrustedobject;
|
||||
type usbaccessory_device, dev_type;
|
||||
type usb_device, dev_type;
|
||||
type usbaccessory_device, dev_type, mlstrustedobject;
|
||||
type usb_device, dev_type, mlstrustedobject;
|
||||
type klog_device, dev_type;
|
||||
type properties_device, dev_type;
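Review bot: The `mlstrustedobject` added to `usbaccessory_device` and `usb_device` in the second hunk has no comment explaining why these nodes may be shared across MLS levels. `random_device`, `urandom_device` and `zero_device` in the first hunk follow the existing `null_device` pattern and hold no per-app state, but the USB nodes reach real peripherals. Assuming the MLS constraints (not visible on this page) exempt trusted objects as usual, access to them now rests on the type-enforcement allow rules alone. A comment above the pair would record that, for example `# mlstrustedobject: opened by apps at any level; access is limited by TE rules only.`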
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# dumpstate
|
||||
type dumpstate, domain;
|
||||
type dumpstate, domain, mlstrustedsubject;
|
||||
type dumpstate_exec, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(dumpstate)
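Review bot: `type dumpstate, domain, mlstrustedsubject;` appears to exempt the whole domain from MLS checks rather than only the accesses it needs, and the policy file gets no comment saying why; the same applies to `type lmkd, domain, mlstrustedsubject;` in lmkd.te. The commit message gives the reason (both daemons act on apps running at any level), but that is not visible to someone reading the .te file later. Suggest a line above each declaration such as `# mlstrustedsubject: must act on apps at any MLS level; confined by TE rules only.` Because dumpstate gathers state from every level into one output, the allow rules that govern where it may write are worth rechecking alongside this change.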
|
||||
|
|
16
file.te
16
file.te
|
@ -12,7 +12,7 @@ type qtaguid_proc, fs_type, mlstrustedobject;
|
|||
type proc_bluetooth_writable, fs_type;
|
||||
type proc_net, fs_type;
|
||||
type proc_sysrq, fs_type;
|
||||
type selinuxfs, fs_type;
|
||||
type selinuxfs, fs_type, mlstrustedobject;
|
||||
type cgroup, fs_type, mlstrustedobject;
|
||||
type sysfs, fs_type, sysfs_type, mlstrustedobject;
|
||||
type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
|
||||
|
@ -62,11 +62,11 @@ type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject;
|
|||
# /data/dalvik-cache
|
||||
type dalvikcache_data_file, file_type, data_file_type;
|
||||
# /data/dalvik-cache/profiles
|
||||
type dalvikcache_profiles_data_file, file_type, data_file_type;
|
||||
type dalvikcache_profiles_data_file, file_type, data_file_type, mlstrustedobject;
|
||||
# /data/resource-cache
|
||||
type resourcecache_data_file, file_type, data_file_type;
|
||||
# /data/local - writable by shell
|
||||
type shell_data_file, file_type, data_file_type;
|
||||
type shell_data_file, file_type, data_file_type, mlstrustedobject;
|
||||
# /data/gps
|
||||
type gps_data_file, file_type, data_file_type;
|
||||
# /data/property
|
||||
|
@ -79,10 +79,10 @@ type bluetooth_data_file, file_type, data_file_type;
|
|||
type camera_data_file, file_type, data_file_type;
|
||||
type keystore_data_file, file_type, data_file_type;
|
||||
type media_data_file, file_type, data_file_type;
|
||||
type media_rw_data_file, file_type, data_file_type;
|
||||
type media_rw_data_file, file_type, data_file_type, mlstrustedobject;
|
||||
type net_data_file, file_type, data_file_type;
|
||||
type nfc_data_file, file_type, data_file_type;
|
||||
type radio_data_file, file_type, data_file_type;
|
||||
type radio_data_file, file_type, data_file_type, mlstrustedobject;
|
||||
type shared_relro_file, file_type, data_file_type;
|
||||
type systemkeys_data_file, file_type, data_file_type;
|
||||
type vpn_data_file, file_type, data_file_type;
|
||||
|
@ -131,12 +131,12 @@ type fwmarkd_socket, file_type, mlstrustedobject;
|
|||
type gps_socket, file_type;
|
||||
type installd_socket, file_type;
|
||||
type lmkd_socket, file_type;
|
||||
type logd_debug, file_type;
|
||||
type logd_socket, file_type;
|
||||
type logd_debug, file_type, mlstrustedobject;
|
||||
type logd_socket, file_type, mlstrustedobject;
|
||||
type logdr_socket, file_type, mlstrustedobject;
|
||||
type logdw_socket, file_type, mlstrustedobject;
|
||||
type mdns_socket, file_type;
|
||||
type mdnsd_socket, file_type;
|
||||
type mdnsd_socket, file_type, mlstrustedobject;
|
||||
type mtpd_socket, file_type;
|
||||
type netd_socket, file_type;
|
||||
type property_socket, file_type;
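Review bot: In the `@ -62,11` and `@ -79,10` hunks, `dalvikcache_profiles_data_file`, `shell_data_file`, `media_rw_data_file` and `radio_data_file` are on-disk data types, so marking them `mlstrustedobject` makes their contents storage that MLS no longer separates by level. That is a wider grant than the socket types in the `@ -131,12` hunk, where the object is presumably just an endpoint to a daemon that does its own checks. The existing path comments could carry the rationale, for example `# /data/local - writable by shell; mlstrustedobject: shared across app levels`. If only some paths under these types need cross-level writes, a dedicated type for those paths would keep the rest under MLS separation.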
|
||||
|
|
2
lmkd.te
2
lmkd.te
|
@ -1,5 +1,5 @@
|
|||
# lmkd low memory killer daemon
|
||||
type lmkd, domain;
|
||||
type lmkd, domain, mlstrustedsubject;
|
||||
type lmkd_exec, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(lmkd)
|
||||
|
|