diff options
author | repo sync <gcondra@google.com> | 2013-05-17 17:11:29 -0700 |
---|---|---|
committer | repo sync <gcondra@google.com> | 2013-05-20 11:08:05 -0700 |
commit | 77d4731e9d30c8971e076e2469d6957619019921 (patch) | |
tree | a09ca764a3474bfaf20c0aafee0bf3a907d382fe /watchdogd.te | |
parent | 42cabf341c8a600a218023ec69b3518e3d3d482c (diff) | |
download | android_external_sepolicy-77d4731e9d30c8971e076e2469d6957619019921.tar.gz android_external_sepolicy-77d4731e9d30c8971e076e2469d6957619019921.tar.bz2 android_external_sepolicy-77d4731e9d30c8971e076e2469d6957619019921.zip |
Make all domains unconfined.
This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.
Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11
Diffstat (limited to 'watchdogd.te')
-rw-r--r-- | watchdogd.te | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/watchdogd.te b/watchdogd.te index 76f8244..1c14d8f 100644 --- a/watchdogd.te +++ b/watchdogd.te @@ -1,9 +1,4 @@ # watchdogd seclabel is specified in init.<board>.rc type watchdogd, domain; permissive watchdogd; -allow watchdogd rootfs:file { entrypoint r_file_perms }; -allow watchdogd self:capability mknod; -allow watchdogd device:dir { add_name write remove_name }; -allow watchdogd watchdog_device:chr_file rw_file_perms; -# because of /dev/__kmsg__ and /dev/__null__ -allow watchdogd device:chr_file create_file_perms; +unconfined_domain(watchdogd) |