80b85f0ecd
To aid in debugging if there are failures. Bug: 137267623 Test: add prints to boringssl_self_test and see them Change-Id: I34b20225514898911b3f476d4517430433eb379e
30 lines
1.1 KiB
Text
30 lines
1.1 KiB
Text
type boringssl_self_test, domain, coredomain;
|
|
type boringssl_self_test_exec, system_file_type, exec_type, file_type;
|
|
type boringssl_self_test_marker, file_type;
|
|
|
|
# switch to boringssl_self_test security domain when running boringssl_self_test_exec from init.
|
|
init_daemon_domain(boringssl_self_test)
|
|
|
|
# Allow boringssl_self_test binaries to create/check for the existence of boringssl_self_test_marker
|
|
# files.
|
|
allow boringssl_self_test boringssl_self_test_marker:file create_file_perms;
|
|
allow boringssl_self_test boringssl_self_test_marker:dir ra_dir_perms;
|
|
|
|
# Allow boringsself_self_test to write its stdout/stderr messages to kmsg_debug.
|
|
allow boringssl_self_test kmsg_debug_device:chr_file { w_file_perms getattr ioctl };
|
|
|
|
# No other process should be able to create these files because their existence causes the
|
|
# boringssl self test to be skipped.
|
|
neverallow {
|
|
domain
|
|
-boringssl_self_test
|
|
-init
|
|
-vendor_init
|
|
} boringssl_self_test_marker:file no_rw_file_perms;
|
|
|
|
neverallow {
|
|
domain
|
|
-boringssl_self_test
|
|
-init
|
|
-vendor_init
|
|
} boringssl_self_test_marker:dir write;
|