Diffstat (limited to 'keystore.te')
-rw-r--r-- | keystore.te | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/keystore.te b/keystore.te
index afa701c..3561fed 100644
--- a/keystore.te
+++ b/keystore.te
@@ -12,6 +12,11 @@ allow keystore keystore_exec:file { getattr };
 allow keystore tee_device:chr_file rw_file_perms;
 allow keystore tee:unix_stream_socket connectto;
 
+allow keystore keystore_service:service_manager { add find };
+
+# Check SELinux permissions.
+selinux_check_access(keystore)
+
 ###
 ### Neverallow rules
 ###
@@ -21,12 +26,7 @@ allow keystore tee:unix_stream_socket connectto;
 neverallow { domain -keystore } keystore_data_file:dir ~{ open create read getattr setattr search relabelto };
 neverallow { domain -keystore } keystore_data_file:notdevfile_class_set ~{ relabelto getattr };
 
-neverallow { domain -keystore -init -kernel -recovery } keystore_data_file:dir *;
-neverallow { domain -keystore -init -kernel -recovery } keystore_data_file:notdevfile_class_set *;
+neverallow { domain -keystore -init } keystore_data_file:dir *;
+neverallow { domain -keystore -init } keystore_data_file:notdevfile_class_set *;
 
 neverallow domain keystore:process ptrace;
-
-allow keystore keystore_service:service_manager add;
-
-# Check SELinux permissions.
-selinux_check_access(keystore)
|
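Review bot: The widened rule `allow keystore keystore_service:service_manager { add find };` gives no reason for the new `find` permission, so a later reader cannot tell whether keystore really looks up its own service or the permission was added for symmetry. A one-line comment above the rule, for example `# keystore registers keystore_service and looks it up itself (confirm caller).`, would record the intent and make the grant easier to audit against least privilege. The `selinux_check_access(keystore)` line is only moved above the neverallow section and is otherwise unchanged.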
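Review bot: The two `*` neverallows now exempt only keystore and init, but nothing beside them says why init stays exempt or how they relate to the `~{ ... }` pair at the top of the hunk. With `-kernel` and `-recovery` gone, that earlier pair effectively bounds init alone, since every other domain is already denied all access by the changed rules. A comment above them such as `# Only init may be granted access besides keystore; the rules above bound which permissions.` would make this explicit. Whether any kernel or recovery allow rule on keystore_data_file remains elsewhere in the policy is not visible here; if one does, these rules would presumably reject it at policy build time.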