author | Ricardo Cerqueira <ricardo@cyngn.com> | 2014-11-09 17:20:54 +0000 |
---|---|---|
committer | Ricardo Cerqueira <ricardo@cyngn.com> | 2014-11-09 17:20:54 +0000 |
commit | 15df17f9acf1ca652d9495218846212e682a64d5 (patch) | |
tree | a34135ec305ffb89d0830628f9397cbca0e1a5d2 | |
parent | f2458128d0db54cc4767a6d640de193c8f9c7bf4 (diff) | |
selinux: Add rules for the audit daemon
Change-Id: I050a9ef39d58d2592d880d225d45eb64d8a40b7b
-rw-r--r-- | sepolicy/auditd.te | 3 | ||||
-rw-r--r-- | sepolicy/file.te | 2 | ||||
-rw-r--r-- | sepolicy/file_contexts | 4 | ||||
-rw-r--r-- | sepolicy/sepolicy.mk | 1 |
4 files changed, 10 insertions, 0 deletions
diff --git a/sepolicy/auditd.te b/sepolicy/auditd.te
new file mode 100644
index 00000000..01d5a069
--- /dev/null
+++ b/sepolicy/auditd.te
@@ -0,0 +1,3 @@
+allow logd auditd_log:dir rw_dir_perms;
+allow logd auditd_log:file create_file_perms;
+
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 95a9c384..3a20199c 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -1,2 +1,4 @@
 # Support asec containers getting mounted
 allow file_type rootfs:filesystem associate;
+
+type auditd_log, file_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index e23df31f..9e7f998f 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -1,5 +1,9 @@
 /cache/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0
+# Auditd is a logging daemon. Put it into logd's context
+/system/bin/auditd u:object_r:logd_exec:s0
+/data/misc/audit(/.*)? u:object_r:auditd_log:s0
+
 #############################
 # performance-related sysfs files (CM)
 /sys/kernel/mm/ksm(/.*)? -- u:object_r:sysfs_writable:s0
diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk
index 45792a19..c58ce146 100644
--- a/sepolicy/sepolicy.mk
+++ b/sepolicy/sepolicy.mk
@@ -11,6 +11,7 @@ BOARD_SEPOLICY_UNION += \
 file_contexts \
 genfs_contexts \
 seapp_contexts \
+ auditd.te \
 installd.te \
 netd.te \
 system.te \ |
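Review bot: Both rules in sepolicy/auditd.te grant access to the whole `logd` domain rather than to a domain owned by the audit daemon, and the file_contexts hunk labels `/system/bin/auditd` as `logd_exec`, so auditd presumably runs as `logd` (the transition rule itself is not part of this diff). As written, logd can create, rename and unlink files under `/data/misc/audit` (`create_file_perms` plus `rw_dir_perms`), and auditd inherits every permission logd already has. A dedicated pair such as `type auditd, domain;` and `type auditd_exec, exec_type, file_type;` with `init_daemon_domain(auditd)` would keep the audit trail writable only by the daemon that owns it. If sharing the domain is intentional, a comment at the top of auditd.te would record it, e.g. `# auditd runs in the logd domain (see file_contexts), so the grants go to logd`.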
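Review bot: In the sepolicy/file.te hunk, `type auditd_log, file_type;` declares the type used for `/data/misc/audit` without the `data_file_type` attribute that AOSP's file.te places on types living under /data. Rules and neverallow assertions written against `data_file_type` would then not cover the audit logs, so it is worth confirming which domains end up able to reach them. Suggested: `type auditd_log, file_type, data_file_type;` preceded by a comment such as `# audit daemon log files under /data/misc/audit`.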