    45731c70
    Annotate MLS trusted subjects and objects. · 45731c70
    Stephen Smalley authored
    
    When using MLS (i.e. enabling levelFrom= in seapp_contexts),
    certain domains and types must be exempted from the normal
    constraints defined in the mls file.  Beyond the current
    set, adbd, logd, mdnsd, netd, and servicemanager need to
    be able to read/write to any level in order to communicate
    with apps running with any level, and the logdr and logdw
    sockets need to be writable by apps running with any level.
    
    This change has no impact unless levelFrom= is specified in
    seapp_contexts, so by itself it is a no-op.
    
    Change-Id: I36ed382b04a60a472e245a77055db294d3e708c3
    Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>