More MLS trusted subject/object annotations.
dumpstate and lmkd need to act on apps running at any level. Various file types need to be writable by apps running at any level. Change-Id: Idf574d96ba961cc110a48d0a00d30807df6777ba Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Stephen Smalley
parent
e7d136738f
commit
cbc5279a43
4 changed files with 15 additions and 15 deletions
10
device.te
10
device.te
|
|
@ -28,16 +28,16 @@ type nfc_device, dev_type;
|
||||||
type ptmx_device, dev_type, mlstrustedobject;
|
type ptmx_device, dev_type, mlstrustedobject;
|
||||||
type kmsg_device, dev_type;
|
type kmsg_device, dev_type;
|
||||||
type null_device, dev_type, mlstrustedobject;
|
type null_device, dev_type, mlstrustedobject;
|
||||||
type random_device, dev_type;
|
type random_device, dev_type, mlstrustedobject;
|
||||||
type sensors_device, dev_type;
|
type sensors_device, dev_type;
|
||||||
type serial_device, dev_type;
|
type serial_device, dev_type;
|
||||||
type socket_device, dev_type;
|
type socket_device, dev_type;
|
||||||
type owntty_device, dev_type, mlstrustedobject;
|
type owntty_device, dev_type, mlstrustedobject;
|
||||||
type tty_device, dev_type;
|
type tty_device, dev_type;
|
||||||
type urandom_device, dev_type;
|
type urandom_device, dev_type, mlstrustedobject;
|
||||||
type video_device, dev_type;
|
type video_device, dev_type;
|
||||||
type vcs_device, dev_type;
|
type vcs_device, dev_type;
|
||||||
type zero_device, dev_type;
|
type zero_device, dev_type, mlstrustedobject;
|
||||||
type fuse_device, dev_type;
|
type fuse_device, dev_type;
|
||||||
type iio_device, dev_type;
|
type iio_device, dev_type;
|
||||||
type ion_device, dev_type, mlstrustedobject;
|
type ion_device, dev_type, mlstrustedobject;
|
||||||
|
|
@ -47,8 +47,8 @@ type watchdog_device, dev_type;
|
||||||
type uhid_device, dev_type;
|
type uhid_device, dev_type;
|
||||||
type uio_device, dev_type;
|
type uio_device, dev_type;
|
||||||
type tun_device, dev_type, mlstrustedobject;
|
type tun_device, dev_type, mlstrustedobject;
|
||||||
type usbaccessory_device, dev_type;
|
type usbaccessory_device, dev_type, mlstrustedobject;
|
||||||
type usb_device, dev_type;
|
type usb_device, dev_type, mlstrustedobject;
|
||||||
type klog_device, dev_type;
|
type klog_device, dev_type;
|
||||||
type properties_device, dev_type;
|
type properties_device, dev_type;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
# dumpstate
|
# dumpstate
|
||||||
type dumpstate, domain;
|
type dumpstate, domain, mlstrustedsubject;
|
||||||
type dumpstate_exec, exec_type, file_type;
|
type dumpstate_exec, exec_type, file_type;
|
||||||
|
|
||||||
init_daemon_domain(dumpstate)
|
init_daemon_domain(dumpstate)
|
||||||
|
|
|
||||||
16
file.te
16
file.te
|
|
@ -12,7 +12,7 @@ type qtaguid_proc, fs_type, mlstrustedobject;
|
||||||
type proc_bluetooth_writable, fs_type;
|
type proc_bluetooth_writable, fs_type;
|
||||||
type proc_net, fs_type;
|
type proc_net, fs_type;
|
||||||
type proc_sysrq, fs_type;
|
type proc_sysrq, fs_type;
|
||||||
type selinuxfs, fs_type;
|
type selinuxfs, fs_type, mlstrustedobject;
|
||||||
type cgroup, fs_type, mlstrustedobject;
|
type cgroup, fs_type, mlstrustedobject;
|
||||||
type sysfs, fs_type, sysfs_type, mlstrustedobject;
|
type sysfs, fs_type, sysfs_type, mlstrustedobject;
|
||||||
type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
|
type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
|
||||||
|
|
@ -62,11 +62,11 @@ type apk_private_tmp_file, file_type, data_file_type, mlstrustedobject;
|
||||||
# /data/dalvik-cache
|
# /data/dalvik-cache
|
||||||
type dalvikcache_data_file, file_type, data_file_type;
|
type dalvikcache_data_file, file_type, data_file_type;
|
||||||
# /data/dalvik-cache/profiles
|
# /data/dalvik-cache/profiles
|
||||||
type dalvikcache_profiles_data_file, file_type, data_file_type;
|
type dalvikcache_profiles_data_file, file_type, data_file_type, mlstrustedobject;
|
||||||
# /data/resource-cache
|
# /data/resource-cache
|
||||||
type resourcecache_data_file, file_type, data_file_type;
|
type resourcecache_data_file, file_type, data_file_type;
|
||||||
# /data/local - writable by shell
|
# /data/local - writable by shell
|
||||||
type shell_data_file, file_type, data_file_type;
|
type shell_data_file, file_type, data_file_type, mlstrustedobject;
|
||||||
# /data/gps
|
# /data/gps
|
||||||
type gps_data_file, file_type, data_file_type;
|
type gps_data_file, file_type, data_file_type;
|
||||||
# /data/property
|
# /data/property
|
||||||
|
|
@ -79,10 +79,10 @@ type bluetooth_data_file, file_type, data_file_type;
|
||||||
type camera_data_file, file_type, data_file_type;
|
type camera_data_file, file_type, data_file_type;
|
||||||
type keystore_data_file, file_type, data_file_type;
|
type keystore_data_file, file_type, data_file_type;
|
||||||
type media_data_file, file_type, data_file_type;
|
type media_data_file, file_type, data_file_type;
|
||||||
type media_rw_data_file, file_type, data_file_type;
|
type media_rw_data_file, file_type, data_file_type, mlstrustedobject;
|
||||||
type net_data_file, file_type, data_file_type;
|
type net_data_file, file_type, data_file_type;
|
||||||
type nfc_data_file, file_type, data_file_type;
|
type nfc_data_file, file_type, data_file_type;
|
||||||
type radio_data_file, file_type, data_file_type;
|
type radio_data_file, file_type, data_file_type, mlstrustedobject;
|
||||||
type shared_relro_file, file_type, data_file_type;
|
type shared_relro_file, file_type, data_file_type;
|
||||||
type systemkeys_data_file, file_type, data_file_type;
|
type systemkeys_data_file, file_type, data_file_type;
|
||||||
type vpn_data_file, file_type, data_file_type;
|
type vpn_data_file, file_type, data_file_type;
|
||||||
|
|
@ -131,12 +131,12 @@ type fwmarkd_socket, file_type, mlstrustedobject;
|
||||||
type gps_socket, file_type;
|
type gps_socket, file_type;
|
||||||
type installd_socket, file_type;
|
type installd_socket, file_type;
|
||||||
type lmkd_socket, file_type;
|
type lmkd_socket, file_type;
|
||||||
type logd_debug, file_type;
|
type logd_debug, file_type, mlstrustedobject;
|
||||||
type logd_socket, file_type;
|
type logd_socket, file_type, mlstrustedobject;
|
||||||
type logdr_socket, file_type, mlstrustedobject;
|
type logdr_socket, file_type, mlstrustedobject;
|
||||||
type logdw_socket, file_type, mlstrustedobject;
|
type logdw_socket, file_type, mlstrustedobject;
|
||||||
type mdns_socket, file_type;
|
type mdns_socket, file_type;
|
||||||
type mdnsd_socket, file_type;
|
type mdnsd_socket, file_type, mlstrustedobject;
|
||||||
type mtpd_socket, file_type;
|
type mtpd_socket, file_type;
|
||||||
type netd_socket, file_type;
|
type netd_socket, file_type;
|
||||||
type property_socket, file_type;
|
type property_socket, file_type;
|
||||||
|
|
|
||||||
2
lmkd.te
2
lmkd.te
|
|
@ -1,5 +1,5 @@
|
||||||
# lmkd low memory killer daemon
|
# lmkd low memory killer daemon
|
||||||
type lmkd, domain;
|
type lmkd, domain, mlstrustedsubject;
|
||||||
type lmkd_exec, exec_type, file_type;
|
type lmkd_exec, exec_type, file_type;
|
||||||
|
|
||||||
init_daemon_domain(lmkd)
|
init_daemon_domain(lmkd)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue