Clean up remaining denials.

Bug: 8424461 Change-Id: I8f0b01cdb19b4a479d5de842f4e4844aeab00622

Clean up remaining denials.
274d2927 · repo sync · 77d4731e · 274d2927 · 274d2927 · 274d2927
Commit 274d2927 authored 11 years ago by repo sync
--- a/tee.te
+++ b/tee.te
@@ -7,5 +7,5 @@ type tee_device, dev_type;
 type tee_data_file, file_type, data_file_type;
 permissive tee;
-unconfined_domain(netd)
+unconfined_domain(tee)
 init_daemon_domain(tee)
--- a/unconfined.te
+++ b/unconfined.te
@@ -14,7 +14,7 @@ allow unconfineddomain fs_type:filesystem *;
 allow unconfineddomain {fs_type dev_type file_type}:{ dir blk_file lnk_file sock_file fifo_file } *;
 allow unconfineddomain {fs_type dev_type file_type}:{ chr_file file } ~entrypoint;
 allow unconfineddomain node_type:node *;
-allow unconfineddomain node_type:{ tcp_socket udp_socket } node_bind;
+allow unconfineddomain node_type:{ tcp_socket udp_socket rawip_socket } node_bind;
 allow unconfineddomain netif_type:netif *;
 allow unconfineddomain port_type:socket_class_set name_bind;
 allow unconfineddomain port_type:{ tcp_socket dccp_socket } name_connect;

--- a/watchdogd.te
+++ b/watchdogd.te
@@ -2,3 +2,4 @@
 type watchdogd, domain;
 permissive watchdogd;
 unconfined_domain(watchdogd)
+allow watchdogd rootfs:file entrypoint;