diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2013-11-05 09:37:41 -0500 |
---|---|---|
committer | Stephen Smalley <sds@tycho.nsa.gov> | 2013-11-06 10:24:14 -0500 |
commit | 1d5352eaa3983736d1374c9c4f0f9d075cc8b4c7 (patch) | |
tree | a2c577a5a425f6fdf2f2422d22dbbac23217f1ec /target/board/generic | |
parent | a7f254feb77db5a1358be869c39757eab487bbde (diff) | |
download | build-1d5352eaa3983736d1374c9c4f0f9d075cc8b4c7.zip build-1d5352eaa3983736d1374c9c4f0f9d075cc8b4c7.tar.gz build-1d5352eaa3983736d1374c9c4f0f9d075cc8b4c7.tar.bz2 |
Move goldfish-specific policy rules to their own directory.
Change-Id: I1bdd80f641db05fef4714654515c1e1fbb259794
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'target/board/generic')
-rw-r--r-- | target/board/generic/BoardConfig.mk | 3 | ||||
-rw-r--r-- | target/board/generic/sepolicy/domain.te | 2 | ||||
-rw-r--r-- | target/board/generic/sepolicy/surfaceflinger.te | 1 |
3 files changed, 6 insertions, 0 deletions
diff --git a/target/board/generic/BoardConfig.mk b/target/board/generic/BoardConfig.mk index 3bd4f31..1db56db 100644 --- a/target/board/generic/BoardConfig.mk +++ b/target/board/generic/BoardConfig.mk @@ -52,3 +52,6 @@ BOARD_CACHEIMAGE_PARTITION_SIZE := 69206016 BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE := ext4 BOARD_FLASH_BLOCK_SIZE := 512 TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true + +BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy +BOARD_SEPOLICY_UNION += domain.te surfaceflinger.te diff --git a/target/board/generic/sepolicy/domain.te b/target/board/generic/sepolicy/domain.te new file mode 100644 index 0000000..f026100 --- /dev/null +++ b/target/board/generic/sepolicy/domain.te @@ -0,0 +1,2 @@ +# For /sys/qemu_trace files in the emulator. +allow domain sysfs_writable:file rw_file_perms; diff --git a/target/board/generic/sepolicy/surfaceflinger.te b/target/board/generic/sepolicy/surfaceflinger.te new file mode 100644 index 0000000..9523630 --- /dev/null +++ b/target/board/generic/sepolicy/surfaceflinger.te @@ -0,0 +1 @@ +allow surfaceflinger self:process execmem; |