platform_system_sepolicy/apex/com.android.conscrypt-file_contexts
Tobias Thierer 353ad0fd47 SEPolicy for boringssl_self_test.
This CL adds hand-written SELinux rules to:
 - define the boringssl_self_test security domain
 - label the corresponding files at type boringssl_self_test_marker
   and boringssl_self_test_exec.
 - define an automatic transition from init to boringssl_self_test
   domains, plus appropriate access permissions.

Bug: 137267623
Test: When run together with the other changes from draft CL topic
      http://aosp/q/topic:bug137267623_bsslselftest, check that:
      - both /dev/boringssl/selftest/* marker files are
        present after the device boots.
      - Test: after the boringssl_self_test{32,64} binaries have
        run, no further SELinux denials occur for processes
        trying to write the marker file.

Change-Id: I77de0bccdd8c1e22c354d8ea146e363f4af7e36f
2019-09-05 02:40:57 +01:00

6 lines
238 B
Text

#############################
# System files
#
(/.*)? u:object_r:system_file:s0
/lib(64)?(/.*)? u:object_r:system_lib_file:s0
/bin/boringssl_self_test(32|64) u:object_r:boringssl_self_test_exec:s0