Merge "Confine keystore, but leave it permissive for now."

This commit is contained in:
Nick Kralevich 2013-10-31 16:27:53 +00:00 committed by Gerrit Code Review
commit cdf54ba7f8

View file

@ -1,6 +1,13 @@
type keystore, domain;
permissive keystore;
type keystore_exec, exec_type, file_type;
# keystore daemon
init_daemon_domain(keystore)
unconfined_domain(keystore)
typeattribute keystore mlstrustedsubject;
binder_use(keystore)
binder_service(keystore)
allow keystore keystore_data_file:dir create_dir_perms;
allow keystore keystore_data_file:notdevfile_class_set create_file_perms;
allow keystore keystore_exec:file { getattr };
allow keystore tee_device:chr_file rw_file_perms;