authorStephen Smalley <sds@tycho.nsa.gov>2013-12-20 13:26:11 -0500
committerStephen Smalley <sds@tycho.nsa.gov>2013-12-20 14:33:55 -0500
commit737f9a167a9fc43d9ef6dc8bdc9b44d831f4713a (patch)
treeab33059ed97d53c861e82b55b5a16b6d64989998
parent3ccb437d939b10d9ea10e01f37618028683ef669 (diff)
Add policy for x86 emulator.
-rw-r--r--target/board/generic_x86/BoardConfig.mk8
-rw-r--r--target/board/generic_x86/sepolicy/domain.te1
-rw-r--r--target/board/generic_x86/sepolicy/healthd.te1
-rw-r--r--target/board/generic_x86/sepolicy/installd.te1
-rw-r--r--target/board/generic_x86/sepolicy/system_server.te1
-rw-r--r--target/board/generic_x86/sepolicy/zygote.te2
6 files changed, 14 insertions, 0 deletions
diff --git a/target/board/generic_x86/BoardConfig.mk b/target/board/generic_x86/BoardConfig.mk
index ed7da38..2381fea 100644
--- a/target/board/generic_x86/BoardConfig.mk
+++ b/target/board/generic_x86/BoardConfig.mk
@@ -41,3 +41,11 @@ BOARD_CACHEIMAGE_PARTITION_SIZE := 69206016
BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE := ext4
BOARD_FLASH_BLOCK_SIZE := 512
TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
+
+BOARD_SEPOLICY_DIRS += build/target/board/generic_x86/sepolicy
+BOARD_SEPOLICY_UNION += \
+ domain.te \
+ healthd.te \
+ installd.te \
+ system_server.te \
+ zygote.te
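Review bot: The `BOARD_SEPOLICY_DIRS` / `BOARD_SEPOLICY_UNION` additions are unconditional and carry no comment, so nothing here tells a reader that the unioned files loosen policy (`execmem`, `sys_nice`) for the emulator only. A board config derived from or copied from generic_x86 would pick up the same relaxations silently. I would add a comment above the block, for example `# Emulator-only SELinux allowances (execmem, sys_nice, cpuctl search); do not carry over to device board configs.`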
diff --git a/target/board/generic_x86/sepolicy/domain.te b/target/board/generic_x86/sepolicy/domain.te
new file mode 100644
index 0000000..0bc8d87
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/domain.te
@@ -0,0 +1 @@
+allow domain cpuctl_device:dir search;
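Review bot: This rule is written against the `domain` attribute, so the `search` permission on `cpuctl_device` directories is granted to every process domain in the policy, including the least trusted ones, and the file gives no reason. If the denials that motivated it came from a few specific domains, naming those instead would keep the grant narrower; that cannot be judged from the hunk alone. At minimum the file should record the rationale, e.g. `# Emulator: all domains need to traverse the cpuctl mount; observed denial: <avc line placeholder>`.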
diff --git a/target/board/generic_x86/sepolicy/healthd.te b/target/board/generic_x86/sepolicy/healthd.te
new file mode 100644
index 0000000..95fa807
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/healthd.te
@@ -0,0 +1 @@
+allow healthd self:capability sys_nice;
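Review bot: `sys_nice` is granted to healthd here, and again to zygote in zygote.te, without a comment saying which operation needs it. The capability covers changing scheduling priority and policy, so a reader auditing the emulator policy cannot tell whether this is required behaviour or a denial that was simply silenced. I would add a line such as `# Emulator: healthd adjusts its own scheduling priority at start-up; see denial <avc line placeholder>` in both files, with the wording adjusted to the actual cause.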
diff --git a/target/board/generic_x86/sepolicy/installd.te b/target/board/generic_x86/sepolicy/installd.te
new file mode 100644
index 0000000..7a558b1
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/installd.te
@@ -0,0 +1 @@
+allow installd self:process execmem;
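Review bot: `execmem` is allowed for installd here, and likewise for system_server and zygote in the two files that follow, with no rationale in the files or in the commit message. The permission lets a domain make anonymous or private writable mappings executable, which removes a W^X barrier in three privileged processes. Zygote is also the parent of every app process, so the reason should be auditable. Presumably something emulator-specific in the x86 image needs it, but that is not visible in this change. Each file should say so, e.g. `# Emulator-only: required by <component placeholder>; remove once it no longer needs executable anonymous memory.`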
diff --git a/target/board/generic_x86/sepolicy/system_server.te b/target/board/generic_x86/sepolicy/system_server.te
new file mode 100644
index 0000000..5d98a14
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/system_server.te
@@ -0,0 +1 @@
+allow system_server self:process execmem;
diff --git a/target/board/generic_x86/sepolicy/zygote.te b/target/board/generic_x86/sepolicy/zygote.te
new file mode 100644
index 0000000..93993a4
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/zygote.te
@@ -0,0 +1,2 @@
+allow zygote self:process execmem;
+allow zygote self:capability sys_nice;