Skip to content
Snippets Groups Projects
Commit 7b601c31 authored by Nick Kralevich's avatar Nick Kralevich Committed by Android Git Automerger
Browse files

am ac664270: Merge "Only auditallow unlabeled accesses not allowed elsewhere."

* commit 'ac664270':
  Only auditallow unlabeled accesses not allowed elsewhere.
parents 871b832c ac664270
Branches
Tags
No related merge requests found
...@@ -150,11 +150,18 @@ allow domain { asec_public_file asec_apk_file }:dir r_dir_perms; ...@@ -150,11 +150,18 @@ allow domain { asec_public_file asec_apk_file }:dir r_dir_perms;
# #
allow domain unlabeled:notdevfile_class_set { create_file_perms relabelfrom }; allow domain unlabeled:notdevfile_class_set { create_file_perms relabelfrom };
allow domain unlabeled:dir { create_dir_perms relabelfrom }; allow domain unlabeled:dir { create_dir_perms relabelfrom };
auditallow { domain -init -installd } unlabeled:notdevfile_class_set { create_file_perms relabelfrom }; auditallow { domain -init -installd -vold -system_server } unlabeled:notdevfile_class_set { create_file_perms relabelfrom };
auditallow { domain -init -kernel -installd } unlabeled:dir { create_dir_perms relabelfrom }; auditallow { domain -init -kernel -installd -vold -system_server } unlabeled:dir { create_dir_perms relabelfrom };
auditallow kernel unlabeled:dir ~search; auditallow kernel unlabeled:dir ~search;
auditallow installd unlabeled:dir ~{ getattr search relabelfrom }; auditallow installd unlabeled:dir ~{ getattr search relabelfrom rw_dir_perms rmdir };
auditallow installd unlabeled:notdevfile_class_set ~{ getattr relabelfrom }; auditallow installd unlabeled:file ~{ r_file_perms getattr relabelfrom rename unlink setattr };
auditallow installd unlabeled:{ lnk_file sock_file fifo_file } ~{ getattr relabelfrom rename unlink setattr };
auditallow vold unlabeled:dir ~{ r_dir_perms setattr relabelfrom };
auditallow vold unlabeled:file ~{ r_file_perms setattr relabelfrom };
auditallow vold unlabeled:{ lnk_file sock_file fifo_file } { create_file_perms relabelfrom };
auditallow system_server unlabeled:dir ~r_dir_perms;
auditallow system_server unlabeled:file ~r_file_perms;
auditallow system_server unlabeled:{ lnk_file sock_file fifo_file } { create_file_perms relabelfrom };
### ###
### neverallow rules ### neverallow rules
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment