f90c41f6e8
Add a service_mananger class with the verb add. Add a type that groups the services for each of the processes that is allowed to start services in service.te and an attribute for all services controlled by the service manager. Add the service_contexts file which maps service name to target label. Bug: 12909011 Change-Id: I017032a50bc90c57b536e80b972118016d340c7d
143 lines
2.6 KiB
Text
143 lines
2.6 KiB
Text
# FLASK
|
|
|
|
#
|
|
# Define the security object classes
|
|
#
|
|
|
|
# Classes marked as userspace are classes
|
|
# for userspace object managers
|
|
|
|
class security
|
|
class process
|
|
class system
|
|
class capability
|
|
|
|
# file-related classes
|
|
class filesystem
|
|
class file
|
|
class dir
|
|
class fd
|
|
class lnk_file
|
|
class chr_file
|
|
class blk_file
|
|
class sock_file
|
|
class fifo_file
|
|
|
|
# network-related classes
|
|
class socket
|
|
class tcp_socket
|
|
class udp_socket
|
|
class rawip_socket
|
|
class node
|
|
class netif
|
|
class netlink_socket
|
|
class packet_socket
|
|
class key_socket
|
|
class unix_stream_socket
|
|
class unix_dgram_socket
|
|
|
|
# sysv-ipc-related classes
|
|
class sem
|
|
class msg
|
|
class msgq
|
|
class shm
|
|
class ipc
|
|
|
|
#
|
|
# userspace object manager classes
|
|
#
|
|
|
|
# passwd/chfn/chsh
|
|
class passwd # userspace
|
|
|
|
# SE-X Windows stuff (more classes below)
|
|
class x_drawable # userspace
|
|
class x_screen # userspace
|
|
class x_gc # userspace
|
|
class x_font # userspace
|
|
class x_colormap # userspace
|
|
class x_property # userspace
|
|
class x_selection # userspace
|
|
class x_cursor # userspace
|
|
class x_client # userspace
|
|
class x_device # userspace
|
|
class x_server # userspace
|
|
class x_extension # userspace
|
|
|
|
# extended netlink sockets
|
|
class netlink_route_socket
|
|
class netlink_firewall_socket
|
|
class netlink_tcpdiag_socket
|
|
class netlink_nflog_socket
|
|
class netlink_xfrm_socket
|
|
class netlink_selinux_socket
|
|
class netlink_audit_socket
|
|
class netlink_ip6fw_socket
|
|
class netlink_dnrt_socket
|
|
|
|
class dbus # userspace
|
|
class nscd # userspace
|
|
|
|
# IPSec association
|
|
class association
|
|
|
|
# Updated Netlink class for KOBJECT_UEVENT family.
|
|
class netlink_kobject_uevent_socket
|
|
|
|
class appletalk_socket
|
|
|
|
class packet
|
|
|
|
# Kernel access key retention
|
|
class key
|
|
|
|
class context # userspace
|
|
|
|
class dccp_socket
|
|
|
|
class memprotect
|
|
|
|
class db_database # userspace
|
|
class db_table # userspace
|
|
class db_procedure # userspace
|
|
class db_column # userspace
|
|
class db_tuple # userspace
|
|
class db_blob # userspace
|
|
|
|
# network peer labels
|
|
class peer
|
|
|
|
# Capabilities >= 32
|
|
class capability2
|
|
|
|
# More SE-X Windows stuff
|
|
class x_resource # userspace
|
|
class x_event # userspace
|
|
class x_synthetic_event # userspace
|
|
class x_application_data # userspace
|
|
|
|
# kernel services that need to override task security, e.g. cachefiles
|
|
class kernel_service
|
|
|
|
class tun_socket
|
|
|
|
# Still More SE-X Windows stuff
|
|
class x_pointer # userspace
|
|
class x_keyboard # userspace
|
|
|
|
# More Database stuff
|
|
class db_schema # userspace
|
|
class db_view # userspace
|
|
class db_sequence # userspace
|
|
class db_language # userspace
|
|
|
|
class binder
|
|
class zygote
|
|
|
|
# Property service
|
|
class property_service # userspace
|
|
|
|
# Service manager
|
|
class service_manager # userspace
|
|
|
|
# FLASK
|