cc39f63773
Divide policy into public and private components.

This is the first step in splitting the policy creation for platform and non-platform policies. The policy in the public directory will be exported for use in non-platform policy creation. Backwards compatibility with it will be achieved by converting the exported policy into attribute-based policy when included as part of the non-platform policy and a mapping file will be maintained to be included with the platform policy that maps exported attributes of previous versions to the current platform version.

Eventually we would like to create a clear interface between the platform and non-platform device components so that the exported policy, and the need for attributes is minimal. For now, almost all types and avrules are left in public.

Test: Tested by building policy and running on device.
Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
23 lines
865 B
Text
# Label inodes via getxattr.
fs_use_xattr yaffs2 u:object_r:labeledfs:s0;
fs_use_xattr jffs2 u:object_r:labeledfs:s0;
fs_use_xattr ext2 u:object_r:labeledfs:s0;
fs_use_xattr ext3 u:object_r:labeledfs:s0;
fs_use_xattr ext4 u:object_r:labeledfs:s0;
fs_use_xattr xfs u:object_r:labeledfs:s0;
fs_use_xattr btrfs u:object_r:labeledfs:s0;
fs_use_xattr f2fs u:object_r:labeledfs:s0;
fs_use_xattr squashfs u:object_r:labeledfs:s0;

# Label inodes from task label.
fs_use_task pipefs u:object_r:pipefs:s0;
fs_use_task sockfs u:object_r:sockfs:s0;

# Label inodes from combination of task label and fs label.
# Define type_transition rules if you want per-domain types.
fs_use_trans devpts u:object_r:devpts:s0;
fs_use_trans tmpfs u:object_r:tmpfs:s0;
fs_use_trans devtmpfs u:object_r:device:s0;
fs_use_trans shm u:object_r:shm:s0;
fs_use_trans mqueue u:object_r:mqueue:s0;
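A small review aid for files in this format, added here as an example and not part of the repository: it parses fs_use statements, reports which labeling behaviour each filesystem gets, and flags malformed lines and filesystems listed more than once. The function name, the sample input and the object_r check are assumptions of this example.

```python
import re

# Labeling behaviours, paraphrasing the comments in the fs_use file above.
BEHAVIOURS = {
    "fs_use_xattr": "label read from the inode's extended attribute",
    "fs_use_task": "label taken from the creating task",
    "fs_use_trans": "label computed from task label and filesystem label",
}

# <statement> <fstype> <user>:<role>:<type>:<level>;
STATEMENT = re.compile(
    r"^(fs_use_(?:xattr|task|trans))\s+(\S+)\s+"
    r"([^:\s]+):([^:\s]+):([^:\s]+):([^;\s]+);$"
)

def parse_fs_use(text):
    """Return ({fstype: (statement, type)}, [problems]) for fs_use text."""
    entries, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        m = STATEMENT.match(line)
        if not m:
            problems.append(f"line {lineno}: not a valid fs_use statement: {line!r}")
            continue
        stmt, fstype, _user, role, setype, _level = m.groups()
        if fstype in entries:
            problems.append(f"line {lineno}: duplicate entry for {fstype}")
            continue
        # Assumption of this example: every entry in the file above uses
        # object_r, so any other role is reported for review.
        if role != "object_r":
            problems.append(f"line {lineno}: {fstype} uses role {role}, expected object_r")
        entries[fstype] = (stmt, setype)
    return entries, problems

# Constructed sample: three lines from the file above plus two deliberately bad ones.
SAMPLE = """\
# Label inodes via getxattr.
fs_use_xattr ext4 u:object_r:labeledfs:s0;
fs_use_task pipefs u:object_r:pipefs:s0;
fs_use_trans tmpfs u:object_r:tmpfs:s0;
fs_use_task ext4 u:object_r:labeledfs:s0;
fs_use_xattr f2fs u:object_r:labeledfs
"""

if __name__ == "__main__":
    entries, problems = parse_fs_use(SAMPLE)
    for fstype, (stmt, setype) in entries.items():
        print(f"{fstype}: {BEHAVIOURS[stmt]} (type {setype})")
    print(*problems, sep="\n")
```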