Commit 9e012cde authored by Stephen Smalley

Remove write access to system_data_file from rild.


Anything writable by rild should be in radio_data_file or efs_file.
System data should be read-only.

Change-Id: I442a253c22f567a147d0591d623e97a6ee8b76e3
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
parent 2257ca7a
...@@ -21,10 +21,8 @@ allow rild bluetooth_efs_file:dir r_dir_perms; ...@@ -21,10 +21,8 @@ allow rild bluetooth_efs_file:dir r_dir_perms;
allow rild radio_data_file:dir rw_dir_perms; allow rild radio_data_file:dir rw_dir_perms;
allow rild radio_data_file:file create_file_perms; allow rild radio_data_file:file create_file_perms;
allow rild sdcard_type:dir r_dir_perms; allow rild sdcard_type:dir r_dir_perms;
allow rild system_data_file:dir create_dir_perms; allow rild system_data_file:dir r_dir_perms;
allow rild system_data_file:file create_file_perms; allow rild system_data_file:file r_file_perms;
auditallow rild system_data_file:dir { create reparent rmdir setattr write add_name remove_name };
auditallow rild system_data_file:file { create setattr write append link unlink rename };
allow rild system_file:file x_file_perms; allow rild system_file:file x_file_perms;
dontaudit rild self:capability sys_admin; dontaudit rild self:capability sys_admin;
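Review bot: The two removed auditallow rules on system_data_file (dir and file) were what made it visible whether rild still exercised those write permissions, and the commit message does not say whether they produced any audit records before being dropped together with the write access. Please state in the commit message that no auditallow records for rild on system_data_file were seen on the tested devices, since any remaining writer will now get an AVC denial instead of an audit record. Separately, the new `allow rild system_data_file:file r_file_perms;` still lets rild read every file carrying the generic system_data_file type; if rild only needs to search directories to reach radio_data_file, consider whether the file read rule is needed at all.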