Diffstat (limited to 'keystore.te')
-rw-r--r--keystore.te14
1 files changed, 7 insertions, 7 deletions
diff --git a/keystore.te b/keystore.te
index afa701c..3561fed 100644
--- a/keystore.te
+++ b/keystore.te
@@ -12,6 +12,11 @@ allow keystore keystore_exec:file { getattr };
allow keystore tee_device:chr_file rw_file_perms;
allow keystore tee:unix_stream_socket connectto;
+allow keystore keystore_service:service_manager { add find };
+
+# Check SELinux permissions.
+selinux_check_access(keystore)
+
###
### Neverallow rules
###
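Review bot: The `find` permission on the first added line, `allow keystore keystore_service:service_manager { add find };`, has no comment saying why keystore needs to look up the service it registers itself. The rule this replaces, removed at the end of the file, granted only `add`, so this is a widening of the domain's service_manager access rather than a pure move. If the lookup is required, a line above the rule such as `# keystore adds its service and also looks it up: <reason to be filled in by the author>` would let a later audit confirm the grant is still needed. If it is not required, keeping `add` alone leaves the domain at least privilege.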
@@ -21,12 +26,7 @@ allow keystore tee:unix_stream_socket connectto;
neverallow { domain -keystore } keystore_data_file:dir ~{ open create read getattr setattr search relabelto };
neverallow { domain -keystore } keystore_data_file:notdevfile_class_set ~{ relabelto getattr };
-neverallow { domain -keystore -init -kernel -recovery } keystore_data_file:dir *;
-neverallow { domain -keystore -init -kernel -recovery } keystore_data_file:notdevfile_class_set *;
+neverallow { domain -keystore -init } keystore_data_file:dir *;
+neverallow { domain -keystore -init } keystore_data_file:notdevfile_class_set *;
neverallow domain keystore:process ptrace;
-
-allow keystore keystore_service:service_manager add;
-
-# Check SELinux permissions.
-selinux_check_access(keystore)
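Review bot: The two added neverallow lines keep `-init` in the exemption set without a comment saying what init is expected to do with keystore_data_file, so a reader cannot tell whether that exemption is still needed. Read together with the two context rules just above, which exempt only keystore, init is in practice limited to the listed directory permissions and to `relabelto`/`getattr` on files. A comment such as `# init is still bound by the rules above: listed dir perms, relabelto/getattr on files only` would make that explicit. Since kernel and recovery lose their exemption here, it is also worth confirming that no allow rule or macro outside this file still grants either domain access to keystore_data_file, as the policy build would then fail on these assertions.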