diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2013-12-20 13:26:11 -0500 |
---|---|---|
committer | Stephen Smalley <sds@tycho.nsa.gov> | 2013-12-20 14:33:55 -0500 |
commit | 737f9a167a9fc43d9ef6dc8bdc9b44d831f4713a (patch) | |
tree | ab33059ed97d53c861e82b55b5a16b6d64989998 | |
parent | 3ccb437d939b10d9ea10e01f37618028683ef669 (diff) | |
download | build-737f9a167a9fc43d9ef6dc8bdc9b44d831f4713a.zip build-737f9a167a9fc43d9ef6dc8bdc9b44d831f4713a.tar.gz build-737f9a167a9fc43d9ef6dc8bdc9b44d831f4713a.tar.bz2 |
Add policy for x86 emulator.
-rw-r--r-- | target/board/generic_x86/BoardConfig.mk | 8 | ||||
-rw-r--r-- | target/board/generic_x86/sepolicy/domain.te | 1 | ||||
-rw-r--r-- | target/board/generic_x86/sepolicy/healthd.te | 1 | ||||
-rw-r--r-- | target/board/generic_x86/sepolicy/installd.te | 1 | ||||
-rw-r--r-- | target/board/generic_x86/sepolicy/system_server.te | 1 | ||||
-rw-r--r-- | target/board/generic_x86/sepolicy/zygote.te | 2 |
6 files changed, 14 insertions, 0 deletions
diff --git a/target/board/generic_x86/BoardConfig.mk b/target/board/generic_x86/BoardConfig.mk index ed7da38..2381fea 100644 --- a/target/board/generic_x86/BoardConfig.mk +++ b/target/board/generic_x86/BoardConfig.mk @@ -41,3 +41,11 @@ BOARD_CACHEIMAGE_PARTITION_SIZE := 69206016 BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE := ext4 BOARD_FLASH_BLOCK_SIZE := 512 TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true + +BOARD_SEPOLICY_DIRS += build/target/board/generic_x86/sepolicy +BOARD_SEPOLICY_UNION += \ + domain.te \ + healthd.te \ + installd.te \ + system_server.te \ + zygote.te diff --git a/target/board/generic_x86/sepolicy/domain.te b/target/board/generic_x86/sepolicy/domain.te new file mode 100644 index 0000000..0bc8d87 --- /dev/null +++ b/target/board/generic_x86/sepolicy/domain.te @@ -0,0 +1 @@ +allow domain cpuctl_device:dir search; diff --git a/target/board/generic_x86/sepolicy/healthd.te b/target/board/generic_x86/sepolicy/healthd.te new file mode 100644 index 0000000..95fa807 --- /dev/null +++ b/target/board/generic_x86/sepolicy/healthd.te @@ -0,0 +1 @@ +allow healthd self:capability sys_nice; diff --git a/target/board/generic_x86/sepolicy/installd.te b/target/board/generic_x86/sepolicy/installd.te new file mode 100644 index 0000000..7a558b1 --- /dev/null +++ b/target/board/generic_x86/sepolicy/installd.te @@ -0,0 +1 @@ +allow installd self:process execmem; diff --git a/target/board/generic_x86/sepolicy/system_server.te b/target/board/generic_x86/sepolicy/system_server.te new file mode 100644 index 0000000..5d98a14 --- /dev/null +++ b/target/board/generic_x86/sepolicy/system_server.te @@ -0,0 +1 @@ +allow system_server self:process execmem; diff --git a/target/board/generic_x86/sepolicy/zygote.te b/target/board/generic_x86/sepolicy/zygote.te new file mode 100644 index 0000000..93993a4 --- /dev/null +++ b/target/board/generic_x86/sepolicy/zygote.te @@ -0,0 +1,2 @@ +allow zygote self:process execmem; +allow zygote self:capability sys_nice; |