Allow healthd to read/write /dev/__null_.

init creates a private /dev/null instance named /dev/__null__ that is inherited by healthd. Since it is created prior to initial policy load, it is left in the tmpfs type. Allow healthd to inherit and use the open fd. Change-Id: I525fb4527766d0780457642ebcc19c0fcfd1778c Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Allow healthd to read/write /dev/__null_.
190c704d · Stephen Smalley · 129f8df9 · 190c704d
Commit 190c704d authored 11 years ago by Stephen Smalley
--- a/healthd.te
+++ b/healthd.te
@@ -6,6 +6,9 @@ type healthd_exec, exec_type, file_type;
 init_daemon_domain(healthd)
 allow healthd rootfs:file { read entrypoint };
 write_klog(healthd)
+# /dev/__null__ created by init prior to policy load,
+# open fd inherited by healthd.
+allow healthd tmpfs:chr_file { read write };

 allow healthd self:capability { net_admin mknod };
 allow healthd self:capability2 block_suspend;