platform_system_sepolicy/nfc.te
Stephen Smalley 5637099a25 Confine all app domains, but make them permissive for now.
As has already been done for untrusted_app, isolated_app,
and bluetooth, make all the other domains used for app
processes confined while making them permissive until sufficient
testing has been done.

Change-Id: If55fe7af196636c49d10fc18be2f44669e2626c5
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-10-23 13:12:55 -04:00

14 lines
350 B
Text

# nfc subsystem
type nfc, domain;
permissive nfc;
app_domain(nfc)
# NFC device access.
allow nfc nfc_device:chr_file rw_file_perms;
# Data file accesses.
allow nfc nfc_data_file:dir create_dir_perms;
allow nfc nfc_data_file:notdevfile_class_set create_file_perms;
allow nfc sysfs_nfc_power_writable:file rw_file_perms;
allow nfc sysfs:file write;