Skip to content
Snippets Groups Projects
Commit 9fca8a39 authored by William Roberts's avatar William Roberts
Browse files

property_socket: add mlstrustedobject attribute 


In order to allow set_prop() to function with platform_apps,
the property_socket file requires mlstrustedobject since
platform app uses category sets.

This does not allow untrusted_app access, as the following
neverallows still prevent type access:

untrusted_app.te:118:neverallow untrusted_app property_socket:sock_file write;
untrusted_app.te:120:neverallow untrusted_app property_type:property_service set;

Lastly, the internal socket to property_service is labeled with init
which is mlstrustedsubject, so no changes are required there.

Change-Id: I47296a2dc24b16785fd296deea7a54ae9966226a
Signed-off-by: default avatarWilliam Roberts <william.c.roberts@intel.com>
parent e53d0b0b
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 1 addition and 1 deletion
file.te
+ 1
1
View file @ 9fca8a39
......@@ -199,7 +199,7 @@ type mdnsd_socket, file_type, mlstrustedobject;
type misc_logd_file, file_type;
type mtpd_socket, file_type;
type netd_socket, file_type;
type property_socket, file_type;
type property_socket, file_type, mlstrustedobject;
type racoon_socket, file_type;
type rild_socket, file_type;
type rild_debug_socket, file_type;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment