-
Stephen Smalley authoredOnly allow to domains as required and amend the existing neverallow on block_device:blk_file to replace the exemption for unconfineddomain with an explicit whitelist. The neverallow does not check other device types as specific ones may need to be writable by device-specific domains. Change-Id: I0f2f1f565e886ae110a719a08aa3a1e7e9f23e8c Signed-off-by:
Stephen Smalley <sds@tycho.nsa.gov>Stephen Smalley authoredOnly allow to domains as required and amend the existing neverallow on block_device:blk_file to replace the exemption for unconfineddomain with an explicit whitelist. The neverallow does not check other device types as specific ones may need to be writable by device-specific domains. Change-Id: I0f2f1f565e886ae110a719a08aa3a1e7e9f23e8c Signed-off-by:Stephen Smalley <sds@tycho.nsa.gov>