From 9fca8a398d353bdc2a753748ce63c9fcc431df04 Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@intel.com>
Date: Fri, 6 May 2016 09:20:28 -0700
Subject: [PATCH] property_socket: add mlstrustedobject attribute

In order to allow set_prop() to function with platform_apps,
the property_socket file requires mlstrustedobject since
platform app uses category sets.

This does not allow untrusted_app access, as the following
neverallows still prevent type access:

untrusted_app.te:118:neverallow untrusted_app property_socket:sock_file write;
untrusted_app.te:120:neverallow untrusted_app property_type:property_service set;

Lastly, the internal socket to property_service is labeled with init
which is mlstrustedsubject, so no changes are required there.

Change-Id: I47296a2dc24b16785fd296deea7a54ae9966226a
Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
 file.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/file.te b/file.te
index 04d3a9b54..1f8dd3cda 100644
--- a/file.te
+++ b/file.te
@@ -199,7 +199,7 @@ type mdnsd_socket, file_type, mlstrustedobject;
 type misc_logd_file, file_type;
 type mtpd_socket, file_type;
 type netd_socket, file_type;
-type property_socket, file_type;
+type property_socket, file_type, mlstrustedobject;
 type racoon_socket, file_type;
 type rild_socket, file_type;
 type rild_debug_socket, file_type;
-- 
GitLab