Something went wrong on our end
-
William Roberts authoredIn order to allow set_prop() to function with platform_apps, the property_socket file requires mlstrustedobject since platform app uses category sets. This does not allow untrusted_app access, as the following neverallows still prevent type access: untrusted_app.te:118:neverallow untrusted_app property_socket:sock_file write; untrusted_app.te:120:neverallow untrusted_app property_type:property_service set; Lastly, the internal socket to property_service is labeled with init which is mlstrustedsubject, so no changes are required there. Change-Id: I47296a2dc24b16785fd296deea7a54ae9966226a Signed-off-by:
William Roberts <william.c.roberts@intel.com>William Roberts authoredIn order to allow set_prop() to function with platform_apps, the property_socket file requires mlstrustedobject since platform app uses category sets. This does not allow untrusted_app access, as the following neverallows still prevent type access: untrusted_app.te:118:neverallow untrusted_app property_socket:sock_file write; untrusted_app.te:120:neverallow untrusted_app property_type:property_service set; Lastly, the internal socket to property_service is labeled with init which is mlstrustedsubject, so no changes are required there. Change-Id: I47296a2dc24b16785fd296deea7a54ae9966226a Signed-off-by:William Roberts <william.c.roberts@intel.com>