5637099a25
As has already been done for untrusted_app, isolated_app, and bluetooth, make all the other domains used for app processes confined while making them permissive until sufficient testing has been done. Change-Id: If55fe7af196636c49d10fc18be2f44669e2626c5 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
14 lines
350 B
Text
14 lines
350 B
Text
# nfc subsystem
|
|
type nfc, domain;
|
|
permissive nfc;
|
|
app_domain(nfc)
|
|
|
|
# NFC device access.
|
|
allow nfc nfc_device:chr_file rw_file_perms;
|
|
|
|
# Data file accesses.
|
|
allow nfc nfc_data_file:dir create_dir_perms;
|
|
allow nfc nfc_data_file:notdevfile_class_set create_file_perms;
|
|
|
|
allow nfc sysfs_nfc_power_writable:file rw_file_perms;
|
|
allow nfc sysfs:file write;
|