SE Android policy.

author: Stephen Smalley <sds@tycho.nsa.gov> 2012-01-04 12:33:27 -0500
committer: Stephen Smalley <sds@tycho.nsa.gov> 2012-01-04 12:33:27 -0500
commit: 2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35 (patch)
tree: 70cf7ff792b5f782a2963f87c873b7a7ae926af4 /rild.te
download: android_external_sepolicy-2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35.tar.gz
android_external_sepolicy-2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35.tar.bz2
android_external_sepolicy-2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35.zip
1 files changed, 21 insertions, 0 deletions
diff --git a/rild.te b/rild.te
new file mode 100644
index 0000000..2857892
--- /dev/null
+++ b/rild.te
@@ -0,0 +1,21 @@
+# rild - radio interface layer daemon
+type rild, domain;
+type rild_exec, exec_type, file_type;
+
+init_daemon_domain(rild)
+net_domain(rild)
+allow rild kernel:system module_request;
+unix_socket_connect(rild, property, init)
+unix_socket_connect(rild, qemud, qemud)
+allow rild self:capability { setuid net_admin net_raw };
+allow rild alarm_device:chr_file rw_file_perms;
+allow rild cgroup:dir create_dir_perms;
+allow rild radio_device:chr_file rw_file_perms;
+allow rild qemu_device:chr_file rw_file_perms;
+allow rild mtd_device:dir search;
+allow rild efs_file:dir create_dir_perms;
+allow rild efs_file:file create_file_perms;
+allow rild shell_exec:file rx_file_perms;
+dontaudit rild self:capability sys_admin;
+# XXX Label sysfs files with a specific type?
+allow rild sysfs:file rw_file_perms;
author	Stephen Smalley <sds@tycho.nsa.gov>	2012-01-04 12:33:27 -0500
committer	Stephen Smalley <sds@tycho.nsa.gov>	2012-01-04 12:33:27 -0500
commit	2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35 (patch)
tree	70cf7ff792b5f782a2963f87c873b7a7ae926af4 /rild.te
download	android_external_sepolicy-2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35.tar.gz android_external_sepolicy-2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35.tar.bz2 android_external_sepolicy-2dd4e51d5c2a2dfc0bfdee9303269f5a665f6e35.zip