Something went wrong on our end
Select Git revision
-
William Roberts authoredEnable checkfc to check *_contexts against a set of valid attributes which must be associated with all types in the contexts file that is being checked. Since it's imperative that checkfc knows which file its checking to choose the proper attribute set, the -s option is introduced to indicate the service_contexts file. The property_contexts file continues to use the existing -p and file_contexts requires no specification, aka it's the default. Failure examples: file_contexts: Error: type "init" is not of set: "fs_type, dev_type, file_type" service_contexts: Error: type "init_exec" is not of set: "service_manager_type" property_contexts: Error: type "bluetooth_service" is not of set: "property_type" Change-Id: I62077e4d0760858a9459e753e14dfd209868080f Signed-off-by:
William Roberts <william.c.roberts@intel.com>William Roberts authoredEnable checkfc to check *_contexts against a set of valid attributes which must be associated with all types in the contexts file that is being checked. Since it's imperative that checkfc knows which file its checking to choose the proper attribute set, the -s option is introduced to indicate the service_contexts file. The property_contexts file continues to use the existing -p and file_contexts requires no specification, aka it's the default. Failure examples: file_contexts: Error: type "init" is not of set: "fs_type, dev_type, file_type" service_contexts: Error: type "init_exec" is not of set: "service_manager_type" property_contexts: Error: type "bluetooth_service" is not of set: "property_type" Change-Id: I62077e4d0760858a9459e753e14dfd209868080f Signed-off-by:William Roberts <william.c.roberts@intel.com>
attributes 2.78 KiB
######################################
# Attribute declarations
#
# All types used for devices.
# On change, update CHECK_FC_ASSERT_ATTRS
# in tools/checkfc.c
attribute dev_type;
# All types used for processes.
attribute domain;
# Temporary attribute used for migrating permissions out of domain.
# Motivation: Domain is overly permissive. Start removing permissions
# from domain and assign them to the domain_deprecated attribute.
# Domain_deprecated and domain can initially be assigned to all
# domains. The goal is to not assign domain_deprecated to new domains
# and to start removing domain_deprecated where it's not required or
# reassigning the appropriate permissions to the inheriting domain
# when necessary.
attribute domain_deprecated;
# All types used for filesystems.
# On change, update CHECK_FC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute fs_type;
# All types used for context= mounts.
attribute contextmount_type;
# All types used for files that can exist on a labeled fs.
# Do not use for pseudo file types.
# On change, update CHECK_FC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute file_type;
# All types used for domain entry points.
attribute exec_type;
# All types used for /data files.
attribute data_file_type;
# All types use for sysfs files.
attribute sysfs_type;
# All types use for debugfs files.
attribute debugfs_type;
# Attribute used for all sdcards
attribute sdcard_type;
# All types used for nodes/hosts.
attribute node_type;
# All types used for network interfaces.
attribute netif_type;
# All types used for network ports.
attribute port_type;
# All types used for property service
# On change, update CHECK_PC_ASSERT_ATTRS
# definition in tools/checkfc.c.
attribute property_type;
# All properties defined in core SELinux policy. Should not be
# used by device specific properties
attribute core_property_type;
# All service_manager types created by system_server