Something went wrong on our end
-
Stephen Smalley authoredWhen using MLS (i.e. enabling levelFrom= in seapp_contexts), certain domains and types must be exempted from the normal constraints defined in the mls file. Beyond the current set, adbd, logd, mdnsd, netd, and servicemanager need to be able to read/write to any level in order to communicate with apps running with any level, and the logdr and logdw sockets need to be writable by apps running with any level. This change has no impact unless levelFrom= is specified in seapp_contexts, so by itself it is a no-op. Change-Id: I36ed382b04a60a472e245a77055db294d3e708c3 Signed-off-by:
Stephen Smalley <sds@tycho.nsa.gov>Stephen Smalley authoredWhen using MLS (i.e. enabling levelFrom= in seapp_contexts), certain domains and types must be exempted from the normal constraints defined in the mls file. Beyond the current set, adbd, logd, mdnsd, netd, and servicemanager need to be able to read/write to any level in order to communicate with apps running with any level, and the logdr and logdw sockets need to be writable by apps running with any level. This change has no impact unless levelFrom= is specified in seapp_contexts, so by itself it is a no-op. Change-Id: I36ed382b04a60a472e245a77055db294d3e708c3 Signed-off-by:Stephen Smalley <sds@tycho.nsa.gov>