From 8e537c3faf886db0f7f3233059435d5e4d5da016 Mon Sep 17 00:00:00 2001
From: Boxiang Pan
Date: Wed, 29 Oct 2014 15:25:34 -0700
Subject: sepolicy: add rule for cne logging
add a rule for allow enabling cne debug logging.
Change-Id: I266b224cf1af720f664f504019f0098d7d258712
---
 common/cnd.te | 3 ++-
 common/file.te | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/common/cnd.te b/common/cnd.te
index 86ab50a9..193236f9 100644
--- a/common/cnd.te
+++ b/common/cnd.te
@@ -5,6 +5,7 @@ file_type_auto_trans(cnd, socket_device, cnd_socket);
 # cnd is started by init, type transit from init domain to cnd domain
 init_daemon_domain(cnd)
+type_transition cnd system_data_file:{ file } cnd_data_file;
 # associate netdomain as an attribute of cnd domain
 net_domain(cnd)
@@ -31,7 +32,7 @@ allow cnd init:unix_stream_socket connectto;
 allow cnd kernel:system module_request;
 # allow cnd to access cnd_data_file
-allow cnd cnd_data_file:file create_file_perms;
+allow cnd cnd_data_file:file { create_file_perms execute };
 allow cnd cnd_data_file:sock_file { unlink create setattr };
 allow cnd cnd_data_file:dir { open read write add_name remove_name search };
diff --git a/common/file.te b/common/file.te
index be55eee8..8c577957 100644
--- a/common/file.te
+++ b/common/file.te
@@ -9,7 +9,7 @@ type pps_socket, file_type;
 # Define cnd socket and data file type
 type cnd_socket, file_type;
-type cnd_data_file, file_type;
+type cnd_data_file, data_file_type;
 # Define dpmd data file type
 type dpmd_socket, file_type;
-- 
cgit v1.2.3
From b00e855871dd07c57965d6cb840cc83ef0f317a3 Mon Sep 17 00:00:00 2001
From: Boxiang Pan
Date: Wed, 29 Oct 2014 15:25:34 -0700
Subject: sepolicy: add rule for cne logging
add a rule for allow enabling cne debug logging.
Change-Id: I266b224cf1af720f664f504019f0098d7d258712
---
 common/cnd.te | 3 ++-
 common/file.te | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/common/cnd.te b/common/cnd.te
index 86ab50a9..193236f9 100644
--- a/common/cnd.te
+++ b/common/cnd.te
@@ -5,6 +5,7 @@ file_type_auto_trans(cnd, socket_device, cnd_socket);
 # cnd is started by init, type transit from init domain to cnd domain
 init_daemon_domain(cnd)
+type_transition cnd system_data_file:{ file } cnd_data_file;
 # associate netdomain as an attribute of cnd domain
 net_domain(cnd)
@@ -31,7 +32,7 @@ allow cnd init:unix_stream_socket connectto;
 allow cnd kernel:system module_request;
 # allow cnd to access cnd_data_file
-allow cnd cnd_data_file:file create_file_perms;
+allow cnd cnd_data_file:file { create_file_perms execute };
 allow cnd cnd_data_file:sock_file { unlink create setattr };
 allow cnd cnd_data_file:dir { open read write add_name remove_name search };
diff --git a/common/file.te b/common/file.te
index be55eee8..8c577957 100644
--- a/common/file.te
+++ b/common/file.te
@@ -9,7 +9,7 @@ type pps_socket, file_type;
 # Define cnd socket and data file type
 type cnd_socket, file_type;
-type cnd_data_file, file_type;
+type cnd_data_file, data_file_type;
 # Define dpmd data file type
 type dpmd_socket, file_type;
-- 
cgit v1.2.3
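Review bot: The added `type_transition cnd system_data_file:{ file } cnd_data_file;` in the first common/cnd.te hunk is keyed to the generic system_data_file label, so it covers every directory carrying that label rather than only the location of the cne logs. None of the visible hunks grants cnd `add_name`/`write` on system_data_file directories, so the transition may be inert unless another file provides that; a dedicated log directory labelled cnd_data_file in file_contexts would scope the labelling to one path and make the transition unnecessary. The line also sits under the init_daemon_domain comment without one of its own; a comment such as `# files cnd creates in system_data_file dirs get cnd_data_file (cne debug logging)` would record the intent. The same hunk appears in both copies of the patch on this page (8e537c3f and b00e8558).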
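Review bot: `allow cnd cnd_data_file:file { create_file_perms execute };` in the second common/cnd.te hunk lets cnd map as executable the same files it is allowed to create and write, which removes write/execute separation for this daemon's data type. The commit message describes only debug logging, and writing log files needs no `execute`; unless something outside this hunk depends on it, the line should stay `allow cnd cnd_data_file:file create_file_perms;`. If the logging rules are intended for debug builds only and the tree carries the AOSP `userdebug_or_eng(...)` macro, wrapping them in it would keep them out of user builds. The same hunk appears in both copies of the patch on this page.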
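Review bot: `type cnd_data_file, data_file_type;` in common/file.te replaces the `file_type` attribute instead of adding to it, so rules written against `file_type` stop covering cnd_data_file while rules that other domains hold on `data_file_type` start to. AOSP data types are normally declared with both attributes, `type cnd_data_file, file_type, data_file_type;`. Because the common/cnd.te hunk also grants `execute` on this type, it is worth checking which domains gain write access to it through `data_file_type` rules; those rules are not visible on this page. The same hunk appears in both copies of the patch.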