diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2013-10-29 14:42:40 -0400 |
---|---|---|
committer | Stephen Smalley <sds@tycho.nsa.gov> | 2013-11-13 16:31:44 -0500 |
commit | 72a4745919f8eb2fae998450935ed1f1d0e3bb2a (patch) | |
tree | ff2025341fdf7df6602bd4c9384122a10996ac10 /tee.te | |
parent | 91ebcf33326418ed9603e618ad193550646c3b04 (diff) | |
download | android_external_sepolicy-72a4745919f8eb2fae998450935ed1f1d0e3bb2a.tar.gz android_external_sepolicy-72a4745919f8eb2fae998450935ed1f1d0e3bb2a.tar.bz2 android_external_sepolicy-72a4745919f8eb2fae998450935ed1f1d0e3bb2a.zip |
Confine tee, but leave it permissive for now.
Change-Id: Id69b1fe80746429a550448b9168ac7e86c38aa9f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'tee.te')
-rw-r--r-- | tee.te | 7 |
1 files changed, 6 insertions, 1 deletions
@@ -2,9 +2,14 @@ # trusted execution environment (tee) daemon # type tee, domain; +permissive tee; type tee_exec, exec_type, file_type; type tee_device, dev_type; type tee_data_file, file_type, data_file_type; -unconfined_domain(tee) init_daemon_domain(tee) +allow tee self:capability { dac_override }; +allow tee tee_device:chr_file rw_file_perms; +allow tee tee_data_file:dir rw_dir_perms; +allow tee tee_data_file:file create_file_perms; +allow tee self:netlink_socket { create bind read }; |