tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Remove read access from mls constraints."

Browse source
This commit is contained in:
dcashman 2015-03-02 18:43:43 +00:00 committed by Gerrit Code Review
commit e8df21b20d
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
mls
View file

@ -64,7 +64,7 @@ mlsconstrain dir_file_class_set { create relabelfrom relabelto }
mlsconstrain dir { read getattr search }
(l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
mlsconstrain { file lnk_file sock_file chr_file blk_file } { read getattr execute }
mlsconstrain { file lnk_file sock_file chr_file blk_file } { open execute }
(l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
# Write operations: Subject must be dominated by the object unless the