diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2014-09-08 16:06:40 -0400 |
---|---|---|
committer | Stephen Smalley <sds@tycho.nsa.gov> | 2014-09-08 16:06:40 -0400 |
commit | 45731c70ef446b5981697b9675b2d738da09a23d (patch) | |
tree | 61306413e7118ce18c93ac7233a58033dad156b6 /netd.te | |
parent | 5fc825c91715ad0b983b42986e93070eb7ce333d (diff) | |
download | android_external_sepolicy-45731c70ef446b5981697b9675b2d738da09a23d.tar.gz android_external_sepolicy-45731c70ef446b5981697b9675b2d738da09a23d.tar.bz2 android_external_sepolicy-45731c70ef446b5981697b9675b2d738da09a23d.zip |
Annotate MLS trusted subjects and objects.
When using MLS (i.e. enabling levelFrom= in seapp_contexts),
certain domains and types must be exempted from the normal
constraints defined in the mls file. Beyond the current
set, adbd, logd, mdnsd, netd, and servicemanager need to
be able to read/write to any level in order to communicate
with apps running with any level, and the logdr and logdw
sockets need to be writable by apps running with any level.
This change has no impact unless levelFrom= is specified in
seapp_contexts, so by itself it is a no-op.
Change-Id: I36ed382b04a60a472e245a77055db294d3e708c3
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'netd.te')
-rw-r--r-- | netd.te | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -1,5 +1,5 @@ # network manager -type netd, domain; +type netd, domain, mlstrustedsubject; type netd_exec, exec_type, file_type; init_daemon_domain(netd) |