Skip to content
Snippets Groups Projects
Commit c37856c4 authored by Stephen Smalley's avatar Stephen Smalley
Browse files

Remove unnecessary rules. 


Redundant with other rules or not required for untrusted app.

Change-Id: Idb5d50326cc14696423cf133508c0d013c5928a6
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent cfd9b6ba
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 7 deletions
cts.te
+ 0
7
View file @ c37856c4
...@@ -23,16 +23,9 @@ allow appdomain file_type:dir_file_class_set getattr; ...@@ -23,16 +23,9 @@ allow appdomain file_type:dir_file_class_set getattr;
allow appdomain dev_type:dir_file_class_set getattr; allow appdomain dev_type:dir_file_class_set getattr;
allow appdomain fs_type:dir_file_class_set getattr; allow appdomain fs_type:dir_file_class_set getattr;
# Accesses to apk_tmp_file and shell_data_file
allow appdomain apk_tmp_file:file rw_file_perms;
allow appdomain shell_data_file:file r_file_perms;
# Read permission over link file to devices. # Read permission over link file to devices.
allow appdomain dev_type:lnk_file read; allow appdomain dev_type:lnk_file read;
# Read routing information.
allow netdomain self:netlink_route_socket { create read write nlmsg_read };
# Tries to open /dev/alarm for writing but expects failure. # Tries to open /dev/alarm for writing but expects failure.
dontaudit appdomain alarm_device:chr_file write; dontaudit appdomain alarm_device:chr_file write;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment