Annotate MLS trusted subjects and objects.

When using MLS (i.e. enabling levelFrom= in seapp_contexts), certain domains and types must be exempted from the normal constraints defined in the mls file. Beyond the current set, adbd, logd, mdnsd, netd, and servicemanager need to be able to read/write to any level in order to communicate with apps running with any level, and the logdr and logdw sockets need to be writable by apps running with any level. This change has no impact unless levelFrom= is specified in seapp_contexts, so by itself it is a no-op. Change-Id: I36ed382b04a60a472e245a77055db294d3e708c3 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
author: Stephen Smalley <sds@tycho.nsa.gov> 2014-09-08 16:06:40 -0400
committer: Stephen Smalley <sds@tycho.nsa.gov> 2014-09-08 16:06:40 -0400
commit: 45731c70ef446b5981697b9675b2d738da09a23d (patch)
tree: 61306413e7118ce18c93ac7233a58033dad156b6 /netd.te
parent: 5fc825c91715ad0b983b42986e93070eb7ce333d (diff)
download: android_external_sepolicy-45731c70ef446b5981697b9675b2d738da09a23d.tar.gz
android_external_sepolicy-45731c70ef446b5981697b9675b2d738da09a23d.tar.bz2
android_external_sepolicy-45731c70ef446b5981697b9675b2d738da09a23d.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/netd.te b/netd.te
index 81275a7..ce89421 100644
--- a/netd.te
+++ b/netd.te
@@ -1,5 +1,5 @@
 # network manager
-type netd, domain;
+type netd, domain, mlstrustedsubject;
 type netd_exec, exec_type, file_type;
 
 init_daemon_domain(netd)
author	Stephen Smalley <sds@tycho.nsa.gov>	2014-09-08 16:06:40 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	2014-09-08 16:06:40 -0400
commit	45731c70ef446b5981697b9675b2d738da09a23d (patch)
tree	61306413e7118ce18c93ac7233a58033dad156b6 /netd.te
parent	5fc825c91715ad0b983b42986e93070eb7ce333d (diff)
download	android_external_sepolicy-45731c70ef446b5981697b9675b2d738da09a23d.tar.gz android_external_sepolicy-45731c70ef446b5981697b9675b2d738da09a23d.tar.bz2 android_external_sepolicy-45731c70ef446b5981697b9675b2d738da09a23d.zip