Skip to content
Snippets Groups Projects
Commit 26cd912e authored by dcashman's avatar dcashman
Browse files

Give /proc/iomem a more specific label. 

/proc/iomem is currently given the proc label but contains system information
which should not be available to all processes.

Bug: 22008387
Change-Id: I4f1821f40113a743ad986d13d8d130ed8b8abf2f
parent ffc86bea
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
file.te
+ 1
0
View file @ 26cd912e
...@@ -11,6 +11,7 @@ type usermodehelper, fs_type, sysfs_type; ...@@ -11,6 +11,7 @@ type usermodehelper, fs_type, sysfs_type;
type qtaguid_proc, fs_type, mlstrustedobject; type qtaguid_proc, fs_type, mlstrustedobject;
type proc_bluetooth_writable, fs_type; type proc_bluetooth_writable, fs_type;
type proc_cpuinfo, fs_type; type proc_cpuinfo, fs_type;
type proc_iomem, fs_type;
type proc_net, fs_type; type proc_net, fs_type;
type proc_sysrq, fs_type; type proc_sysrq, fs_type;
type selinuxfs, fs_type, mlstrustedobject; type selinuxfs, fs_type, mlstrustedobject;
......
genfs_contexts
+ 1
0
View file @ 26cd912e
...@@ -2,6 +2,7 @@ ...@@ -2,6 +2,7 @@
genfscon rootfs / u:object_r:rootfs:s0 genfscon rootfs / u:object_r:rootfs:s0
# proc labeling can be further refined (longest matching prefix). # proc labeling can be further refined (longest matching prefix).
genfscon proc / u:object_r:proc:s0 genfscon proc / u:object_r:proc:s0
genfscon proc /iomem u:object_r:proc_iomem:s0
genfscon proc /net u:object_r:proc_net:s0 genfscon proc /net u:object_r:proc_net:s0
genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0 genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0 genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment