353ad0fd47
This CL adds hand-written SELinux rules to:
- define the boringssl_self_test security domain
- label the corresponding files at type boringssl_self_test_marker and boringssl_self_test_exec.
- define an automatic transition from init to boringssl_self_test domains, plus appropriate access permissions.

Bug: 137267623
Test: When run together with the other changes from draft CL topic http://aosp/q/topic:bug137267623_bsslselftest, check that:
- both /dev/boringssl/selftest/* marker files are present after the device boots.
- Test: after the boringssl_self_test{32,64} binaries have run, no further SELinux denials occur for processes trying to write the marker file.
Change-Id: I77de0bccdd8c1e22c354d8ea146e363f4af7e36f
6 lines
238 B
Text
#############################
# System files
#
(/.*)? u:object_r:system_file:s0
/lib(64)?(/.*)? u:object_r:system_lib_file:s0
/bin/boringssl_self_test(32|64) u:object_r:boringssl_self_test_exec:s0
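To check which paths actually receive the boringssl_self_test_exec label, and so become eligible for the init transition the commit message describes, the following added example (not part of this CL or the AOSP tree) resolves paths against the six lines above. It assumes a simplified model of file_contexts lookup: each pattern is anchored at both ends and the last matching entry in the file wins. The function names and the sample library path are constructed for illustration.

```python
import re

# The file_contexts entries shown above, embedded verbatim (column spacing is cosmetic).
FILE_CONTEXTS = """\
#############################
# System files
#
(/.*)?                           u:object_r:system_file:s0
/lib(64)?(/.*)?                  u:object_r:system_lib_file:s0
/bin/boringssl_self_test(32|64)  u:object_r:boringssl_self_test_exec:s0
"""


def parse_file_contexts(text):
    """Return [(compiled_regex, context)] in file order, skipping comments and blanks."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) == 2:
            pattern, context = fields
        elif len(fields) == 3:  # optional file-type field such as "--"
            pattern, _ftype, context = fields
        else:
            raise ValueError(f"line {lineno}: malformed entry: {raw!r}")
        entries.append((re.compile(pattern), context))
    return entries


def lookup(entries, path):
    """Assumed model: full-path match, last matching entry wins."""
    for regex, context in reversed(entries):
        if regex.fullmatch(path):
            return context
    return None


def type_of(context):
    """Extract the type field from a user:role:type:level context string."""
    return context.split(":")[2]


if __name__ == "__main__":
    entries = parse_file_contexts(FILE_CONTEXTS)
    for p in ("/bin/boringssl_self_test32", "/bin/boringssl_self_test64",
              "/bin/boringssl_self_test", "/lib64/libcrypto.so"):  # constructed sample paths
        print(f"{p:32} {type_of(lookup(entries, p))}")
```

A binary installed without the 32 or 64 suffix falls through to the catch-all entry and is labelled system_file, so it would not match the exec type the transition rule is keyed on.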