5 Commits

Author SHA1 Message Date
Nick Kralevich
35a4ed80a6 Add wpa neverallow rule
wpa should never trust any data coming from the sdcard. Add a
compile time assertion to make sure no rules are ever added
allowing this access.

Change-Id: I5f50a8242aa30f6cc0cfd89d82b2b153625105f6
2014-11-06 10:57:03 -08:00
Riley Spahn
1196d2a576 Adding policies for KeyStore MAC.
Add keystore_key class and an action for each action supported
by keystore. Add policies that replicate the access control that
already exists in keystore. Add auditallow rules for actions
not known to be used frequently. Add macro for those domains
wishing to access keystore.

Change-Id: Iddd8672b9e9b72b45ee208e6eda608cc9dc61edc
2014-06-26 08:53:10 -07:00
Stephen Smalley
00b180dfb8 Eliminate some duplicated rules.
As reported by sepolicy-analyze -D -P /path/to/sepolicy.
No semantic difference reported by sediff between the policy
before and after this change.

Deduplication of selinuxfs read access resolved by taking the
common rules to domain.te (and thereby getting rid of the
selinux_getenforce macro altogether).

Change-Id: I4de2f86fe2efe11a167e8a7d25dd799cefe482e5
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-06-17 15:30:37 -04:00
Stephen Smalley
867e398d54 Allow wpa to perform binder IPC to keystore.
Addresses denials such as:
 avc:  denied  { call } for  pid=2275 comm="wpa_supplicant" scontext=u:r:wpa:s0 tcontext=u:r:servicemanager:s0 tclass=binder

Change-Id: I8ab148046dd06f56630a2876db787b293e14c0ae
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-03-12 16:30:47 -04:00
Robert Craig
d9cec19bb2 Move wpa_supplicant.te to wpa.te.
The filename should be the same as the
domain with all the .te files.

Change-Id: Ib05eb84f881c680eb5bb43a4814cfb038fbff339
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2014-03-06 12:56:45 -05:00