af47ebb67a
Otherwise you get denials such as:
type=1400 audit(1383590310.430:623): avc: denied { getattr } for pid=1629 comm="Thread-78" path="/dev/fscklogs/log" dev="tmpfs" ino=1642 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=file
type=1400 audit(1383590310.430:624): avc: denied { open } for pid=1629 comm="Thread-78" name="log" dev="tmpfs" ino=1642 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=file
type=1400 audit(1383590310.430:625): avc: denied { write } for pid=1629 comm="Thread-78" name="fscklogs" dev="tmpfs" ino=1628 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=dir
type=1400 audit(1383590310.430:625): avc: denied { remove_name } for pid=1629 comm="Thread-78" name="log" dev="tmpfs" ino=1642 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=dir
type=1400 audit(1383590310.430:625): avc: denied { unlink } for pid=1629 comm="Thread-78" name="log" dev="tmpfs" ino=1642 scontext=u:r:system_server:s0 tcontext=u:object_r:device:s0 tclass=file
Change-Id: Ia7ae06a6d4cc5d2a59b8b85a5fb93cc31074fd37
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
65 lines
2 KiB
Text
65 lines
2 KiB
Text
# Device types
|
|
type device, dev_type, fs_type;
|
|
type akm_device, dev_type;
|
|
type accelerometer_device, dev_type;
|
|
type alarm_device, dev_type, mlstrustedobject;
|
|
type adb_device, dev_type;
|
|
type ashmem_device, dev_type, mlstrustedobject;
|
|
type audio_device, dev_type;
|
|
type binder_device, dev_type, mlstrustedobject;
|
|
type block_device, dev_type;
|
|
type camera_device, dev_type;
|
|
type dm_device, dev_type;
|
|
type loop_device, dev_type;
|
|
type radio_device, dev_type;
|
|
type ram_device, dev_type;
|
|
type console_device, dev_type;
|
|
type cpuctl_device, dev_type;
|
|
type fscklogs, dev_type;
|
|
type full_device, dev_type;
|
|
type graphics_device, dev_type;
|
|
type hw_random_device, dev_type;
|
|
type input_device, dev_type;
|
|
type kmem_device, dev_type;
|
|
type log_device, dev_type, mlstrustedobject;
|
|
type mtd_device, dev_type;
|
|
type mtp_device, dev_type, mlstrustedobject;
|
|
type nfc_device, dev_type;
|
|
type nv_device, dev_type, mlstrustedobject;
|
|
type powervr_device, dev_type, mlstrustedobject;
|
|
type ptmx_device, dev_type, mlstrustedobject;
|
|
type qemu_device, dev_type;
|
|
type kmsg_device, dev_type;
|
|
type null_device, dev_type, mlstrustedobject;
|
|
type random_device, dev_type;
|
|
type sensors_device, dev_type;
|
|
type serial_device, dev_type;
|
|
type socket_device, dev_type;
|
|
type owntty_device, dev_type, mlstrustedobject;
|
|
type tty_device, dev_type;
|
|
type urandom_device, dev_type;
|
|
type video_device, dev_type;
|
|
type vcs_device, dev_type;
|
|
type zero_device, dev_type;
|
|
type fuse_device, dev_type;
|
|
type iio_device, dev_type;
|
|
type ion_device, dev_type, mlstrustedobject;
|
|
type gps_device, dev_type;
|
|
type qtaguid_device, dev_type;
|
|
type watchdog_device, dev_type;
|
|
type uhid_device, dev_type;
|
|
type tun_device, dev_type, mlstrustedobject;
|
|
type usbaccessory_device, dev_type;
|
|
type usb_device, dev_type;
|
|
type klog_device, dev_type;
|
|
type properties_device, dev_type;
|
|
|
|
# All devices have a uart for the hci
|
|
# attach service. The uart dev node
|
|
# varies per device. This type
|
|
# is used in per device policy
|
|
type hci_attach_dev, dev_type;
|
|
|
|
# All devices have a rpmsg device for
|
|
# achieving remoteproc and rpmsg modules
|
|
type rpmsg_device, dev_type;
|