sepolicy: add sepolicies to make gatord run in permissive mode

add SELinux policies for gatord service to make ti run as permissive mode, so that we can use the gatord service first, and will update the sepolicies later Change-Id: I62522c7c6aa8cff08747fcbf60e23e433f6c8746 Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
author: Yongqin Liu <yongqin.liu@linaro.org> 2014-09-27 12:39:59 +0800
committer: Vishal Bhoj <vishal.bhoj@linaro.org> 2014-11-20 11:33:24 +0000
commit: b9410bfbb106e275e97458bad660a384820d9352 (patch)
tree: 5ebbe17143fa4343db382dca756309c4bdfe0bf5
parent: cefb85dfb6137e022d7ad3e14c6af306c0121922 (diff)
download: common-b9410bfbb106e275e97458bad660a384820d9352.tar.gz
3 files changed, 6 insertions, 0 deletions
diff --git a/sepolicy/gatord.te b/sepolicy/gatord.te
new file mode 100644
index 0000000..2943a9b
--- /dev/null
+++ b/sepolicy/gatord.te
@@ -0,0 +1,3 @@
+type gatord, domain, mlstrustedsubject;
+
+permissive gatord;
diff --git a/sepolicy/init.te b/sepolicy/init.te
index b51f08f..c7b980b 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -1,3 +1,5 @@
 userdebug_or_eng(`
     allow init su:process { transition dyntransition rlimitinh siginh };
 ')
+allow init self:tcp_socket create;
+allow init gatord:process { transition rlimitinh siginh };
diff --git a/sepolicy/logd.te b/sepolicy/logd.te
index ece4edf..a99d8bd 100644
--- a/sepolicy/logd.te
+++ b/sepolicy/logd.te
@@ -1 +1,2 @@
 allow logd property_socket:sock_file write;
+allow logd init:unix_stream_socket connectto;
author	Yongqin Liu <yongqin.liu@linaro.org>	2014-09-27 12:39:59 +0800
committer	Vishal Bhoj <vishal.bhoj@linaro.org>	2014-11-20 11:33:24 +0000
commit	b9410bfbb106e275e97458bad660a384820d9352 (patch)
tree	5ebbe17143fa4343db382dca756309c4bdfe0bf5
parent	cefb85dfb6137e022d7ad3e14c6af306c0121922 (diff)
download	common-b9410bfbb106e275e97458bad660a384820d9352.tar.gz