diff options
| author | repo sync <gcondra@google.com> | 2013-05-22 13:19:58 -0700 |
|---|---|---|
| committer | repo sync <gcondra@google.com> | 2013-05-22 14:20:20 -0700 |
| commit | 274d2927a7ccbfd266c83d6da5e9e2772805fbd5 (patch) | |
| tree | 4e6a6d6d3f43095195b997e28368ccd9464873a8 | |
| parent | 77d4731e9d30c8971e076e2469d6957619019921 (diff) | |
| download | sepolicy-jb-mr2-cts-dev.tar.gz | |
Clean up remaining denials.android-4.3_r3.1android-4.3_r3android-4.3_r2.3android-4.3_r2.2android-4.3_r2.1android-4.3_r2android-4.3_r1.1android-4.3_r1android-4.3_r0.9.1android-4.3_r0.9android-4.3.1_r1jb-mr2.0.0-releasejb-mr2.0-releasejb-mr2-releasejb-mr2-devjb-mr2-cts-dev
Bug: 8424461
Change-Id: I8f0b01cdb19b4a479d5de842f4e4844aeab00622
| -rw-r--r-- | tee.te | 2 | ||||
| -rw-r--r-- | unconfined.te | 2 | ||||
| -rw-r--r-- | watchdogd.te | 1 |
3 files changed, 3 insertions, 2 deletions
@@ -7,5 +7,5 @@ type tee_device, dev_type; type tee_data_file, file_type, data_file_type; permissive tee; -unconfined_domain(netd) +unconfined_domain(tee) init_daemon_domain(tee) diff --git a/unconfined.te b/unconfined.te index 3dbfb59..9f100a3 100644 --- a/unconfined.te +++ b/unconfined.te @@ -14,7 +14,7 @@ allow unconfineddomain fs_type:filesystem *; allow unconfineddomain {fs_type dev_type file_type}:{ dir blk_file lnk_file sock_file fifo_file } *; allow unconfineddomain {fs_type dev_type file_type}:{ chr_file file } ~entrypoint; allow unconfineddomain node_type:node *; -allow unconfineddomain node_type:{ tcp_socket udp_socket } node_bind; +allow unconfineddomain node_type:{ tcp_socket udp_socket rawip_socket } node_bind; allow unconfineddomain netif_type:netif *; allow unconfineddomain port_type:socket_class_set name_bind; allow unconfineddomain port_type:{ tcp_socket dccp_socket } name_connect; diff --git a/watchdogd.te b/watchdogd.te index 1c14d8f..3bf9aae 100644 --- a/watchdogd.te +++ b/watchdogd.te @@ -2,3 +2,4 @@ type watchdogd, domain; permissive watchdogd; unconfined_domain(watchdogd) +allow watchdogd rootfs:file entrypoint; |