diff options
| author | William Roberts <bill.c.roberts@gmail.com> | 2012-07-11 16:46:38 -0700 |
|---|---|---|
| committer | Stephen Smalley <sds@tycho.nsa.gov> | 2012-07-12 10:02:45 -0400 |
| commit | dc1072365e99cef38e0d234989ba29e0e2df2b4c (patch) | |
| tree | ebe6ae75792c81ce495b825a8e6770229f13360c /fs_use | |
| parent | 96bf5059621cd3903e1a402b2c90dbb652aedf90 (diff) | |
| download | android_external_sepolicy-dc1072365e99cef38e0d234989ba29e0e2df2b4c.tar.gz android_external_sepolicy-dc1072365e99cef38e0d234989ba29e0e2df2b4c.tar.bz2 android_external_sepolicy-dc1072365e99cef38e0d234989ba29e0e2df2b4c.zip | |
Support for ocontexts per device.
ocontexts was split up into 4 files:
1.fs_use
2.genfs_contexts
3.initial_sid_contexts
4.port_contexts
Each file has their respective declerations in them.
Devices, in their respective device directory, can now specify sepolicy.fs_use, sepolicy.genfs_contexts, sepolicy.port_contexts, and sepolicy.initial_sid_contexts. These declerations will be added right behind their respective sepolicy counterparts in the concatenated configuration file.
Diffstat (limited to 'fs_use')
| -rw-r--r-- | fs_use | 21 |
1 files changed, 21 insertions, 0 deletions
@@ -0,0 +1,21 @@ +# Label inodes via getxattr. +fs_use_xattr yaffs2 u:object_r:labeledfs:s0; +fs_use_xattr jffs2 u:object_r:labeledfs:s0; +fs_use_xattr ext2 u:object_r:labeledfs:s0; +fs_use_xattr ext3 u:object_r:labeledfs:s0; +fs_use_xattr ext4 u:object_r:labeledfs:s0; +fs_use_xattr xfs u:object_r:labeledfs:s0; +fs_use_xattr btrfs u:object_r:labeledfs:s0; + +# Label inodes from task label. +fs_use_task pipefs u:object_r:pipefs:s0; +fs_use_task sockfs u:object_r:sockfs:s0; + +# Label inodes from combination of task label and fs label. +# Define type_transition rules if you want per-domain types. +fs_use_trans devpts u:object_r:devpts:s0; +fs_use_trans tmpfs u:object_r:tmpfs:s0; +fs_use_trans devtmpfs u:object_r:device:s0; +fs_use_trans shm u:object_r:shm:s0; +fs_use_trans mqueue u:object_r:mqueue:s0; + |