diff options
author | Nick Kralevich <nnk@google.com> | 2013-11-14 11:34:11 -0800 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2013-11-14 11:34:11 -0800 |
commit | 24fb24f7ea1bf74bc1234394b81955e0aab6943f (patch) | |
tree | 7a0a84ca7594e0c2bf1c8993b21e068dc08aafcc | |
parent | 678420e023c6f143fb99cfed031397e732960410 (diff) | |
parent | ae49e7a3691137b5276254074b2c282bcdfee523 (diff) | |
download | sepolicy-24fb24f7ea1bf74bc1234394b81955e0aab6943f.tar.gz |
am ae49e7a3: Merge "Confine tee, but leave it permissive for now."
* commit 'ae49e7a3691137b5276254074b2c282bcdfee523':
Confine tee, but leave it permissive for now.
-rw-r--r-- | tee.te | 7 |
1 files changed, 6 insertions, 1 deletions
@@ -2,9 +2,14 @@ # trusted execution environment (tee) daemon # type tee, domain; +permissive tee; type tee_exec, exec_type, file_type; type tee_device, dev_type; type tee_data_file, file_type, data_file_type; -unconfined_domain(tee) init_daemon_domain(tee) +allow tee self:capability { dac_override }; +allow tee tee_device:chr_file rw_file_perms; +allow tee tee_data_file:dir rw_dir_perms; +allow tee tee_data_file:file create_file_perms; +allow tee self:netlink_socket { create bind read }; |