diff --git a/device.te b/device.te index 42d15e3bb..9ca072f38 100644 --- a/device.te +++ b/device.te @@ -28,16 +28,16 @@ type nfc_device, dev_type; type ptmx_device, dev_type, mlstrustedobject; type kmsg_device, dev_type; type null_device, dev_type, mlstrustedobject; -type random_device, dev_type; +type random_device, dev_type, mlstrustedobject; type sensors_device, dev_type; type serial_device, dev_type; type socket_device, dev_type; type owntty_device, dev_type, mlstrustedobject; type tty_device, dev_type; -type urandom_device, dev_type; +type urandom_device, dev_type, mlstrustedobject; type video_device, dev_type; type vcs_device, dev_type; -type zero_device, dev_type; +type zero_device, dev_type, mlstrustedobject; type fuse_device, dev_type; type iio_device, dev_type; type ion_device, dev_type, mlstrustedobject; @@ -47,8 +47,8 @@ type watchdog_device, dev_type; type uhid_device, dev_type; type uio_device, dev_type; type tun_device, dev_type, mlstrustedobject; -type usbaccessory_device, dev_type; -type usb_device, dev_type; +type usbaccessory_device, dev_type, mlstrustedobject; +type usb_device, dev_type, mlstrustedobject; type klog_device, dev_type; type properties_device, dev_type; diff --git a/dumpstate.te b/dumpstate.te index 63b323ace..e5ccb562d 100644 --- a/dumpstate.te +++ b/dumpstate.te @@ -1,5 +1,5 @@ # dumpstate -type dumpstate, domain; +type dumpstate, domain, mlstrustedsubject; type dumpstate_exec, exec_type, file_type; init_daemon_domain(dumpstate) diff --git a/file.te b/file.te index 0721c3230..e50196c4d 100644 --- a/file.te +++ b/file.te @@ -12,7 +12,7 @@ type qtaguid_proc, fs_type, mlstrustedobject; type proc_bluetooth_writable, fs_type; type proc_net, fs_type; type proc_sysrq, fs_type; -type selinuxfs, fs_type; +type selinuxfs, fs_type, mlstrustedobject; type cgroup, fs_type, mlstrustedobject; type sysfs, fs_type, sysfs_type, mlstrustedobject; type sysfs_writable, fs_type, sysfs_type, mlstrustedobject; @@ -62,11 +62,11 @@ type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject; # /data/dalvik-cache type dalvikcache_data_file, file_type, data_file_type; # /data/dalvik-cache/profiles -type dalvikcache_profiles_data_file, file_type, data_file_type; +type dalvikcache_profiles_data_file, file_type, data_file_type, mlstrustedobject; # /data/resource-cache type resourcecache_data_file, file_type, data_file_type; # /data/local - writable by shell -type shell_data_file, file_type, data_file_type; +type shell_data_file, file_type, data_file_type, mlstrustedobject; # /data/gps type gps_data_file, file_type, data_file_type; # /data/property @@ -79,10 +79,10 @@ type bluetooth_data_file, file_type, data_file_type; type camera_data_file, file_type, data_file_type; type keystore_data_file, file_type, data_file_type; type media_data_file, file_type, data_file_type; -type media_rw_data_file, file_type, data_file_type; +type media_rw_data_file, file_type, data_file_type, mlstrustedobject; type net_data_file, file_type, data_file_type; type nfc_data_file, file_type, data_file_type; -type radio_data_file, file_type, data_file_type; +type radio_data_file, file_type, data_file_type, mlstrustedobject; type shared_relro_file, file_type, data_file_type; type systemkeys_data_file, file_type, data_file_type; type vpn_data_file, file_type, data_file_type; @@ -131,12 +131,12 @@ type fwmarkd_socket, file_type, mlstrustedobject; type gps_socket, file_type; type installd_socket, file_type; type lmkd_socket, file_type; -type logd_debug, file_type; -type logd_socket, file_type; +type logd_debug, file_type, mlstrustedobject; +type logd_socket, file_type, mlstrustedobject; type logdr_socket, file_type, mlstrustedobject; type logdw_socket, file_type, mlstrustedobject; type mdns_socket, file_type; -type mdnsd_socket, file_type; +type mdnsd_socket, file_type, mlstrustedobject; type mtpd_socket, file_type; type netd_socket, file_type; type property_socket, file_type; diff --git a/lmkd.te b/lmkd.te index df8208f71..3243ddb5f 100644 --- a/lmkd.te +++ b/lmkd.te @@ -1,5 +1,5 @@ # lmkd low memory killer daemon -type lmkd, domain; +type lmkd, domain, mlstrustedsubject; type lmkd_exec, exec_type, file_type; init_daemon_domain(lmkd)