author | Stephen Smalley <sds@tycho.nsa.gov> | 2014-06-16 12:36:49 -0400 |
---|---|---|
committer | Stephen Smalley <sds@tycho.nsa.gov> | 2014-06-17 09:35:56 -0400 |
commit | a49411f49bbfc05923776acee4fa4d9acc4d4b0b (patch) | |
tree | 75970d83d374c105f845a6ee54a6792f6d1ff2fd /target/board/generic_x86/sepolicy | |
parent | 78eee96a7215c24e46dee6affe209bf9562767d5 (diff) | |
Coalesce generic_x86 and generic sepolicy where possible.
We originally forked a complete copy of generic/sepolicy into
generic_x86/sepolicy, but we can instead inherit from it and
merely add rules as needed under generic_x86/sepolicy.
Change-Id: I21e1a1425ce08676a8ea69685a4761db3bfde628
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'target/board/generic_x86/sepolicy')
-rw-r--r-- | target/board/generic_x86/sepolicy/device.te | 1 | ||||
-rw-r--r-- | target/board/generic_x86/sepolicy/domain.te | 3 | ||||
-rw-r--r-- | target/board/generic_x86/sepolicy/file.te | 1 | ||||
-rw-r--r-- | target/board/generic_x86/sepolicy/file_contexts | 4 | ||||
-rw-r--r-- | target/board/generic_x86/sepolicy/qemud.te | 6 | ||||
-rw-r--r-- | target/board/generic_x86/sepolicy/rild.te | 1 | ||||
-rw-r--r-- | target/board/generic_x86/sepolicy/shell.te | 1 | ||||
-rw-r--r-- | target/board/generic_x86/sepolicy/system_server.te | 1 |
8 files changed, 0 insertions, 18 deletions
diff --git a/target/board/generic_x86/sepolicy/device.te b/target/board/generic_x86/sepolicy/device.te
deleted file mode 100644
index e4af13c..0000000
--- a/target/board/generic_x86/sepolicy/device.te
+++ /dev/null
@@ -1 +0,0 @@
-type qemu_device, dev_type;
diff --git a/target/board/generic_x86/sepolicy/domain.te b/target/board/generic_x86/sepolicy/domain.te
index c3161b3..0bc8d87 100644
--- a/target/board/generic_x86/sepolicy/domain.te
+++ b/target/board/generic_x86/sepolicy/domain.te
@@ -1,4 +1 @@
-# For /sys/qemu_trace files in the emulator.
-allow domain sysfs_writable:file rw_file_perms;
 allow domain cpuctl_device:dir search;
-allow domain qemu_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/file.te b/target/board/generic_x86/sepolicy/file.te
deleted file mode 100644
index 6fad80a..0000000
--- a/target/board/generic_x86/sepolicy/file.te
+++ /dev/null
@@ -1 +0,0 @@
-type qemud_socket, file_type;
diff --git a/target/board/generic_x86/sepolicy/file_contexts b/target/board/generic_x86/sepolicy/file_contexts
deleted file mode 100644
index f204cde..0000000
--- a/target/board/generic_x86/sepolicy/file_contexts
+++ /dev/null
@@ -1,4 +0,0 @@
-/dev/qemu_.* u:object_r:qemu_device:s0
-/dev/socket/qemud u:object_r:qemud_socket:s0
-/system/bin/qemud u:object_r:qemud_exec:s0
-/sys/qemu_trace(/.*)? -- u:object_r:sysfs_writable:s0
diff --git a/target/board/generic_x86/sepolicy/qemud.te b/target/board/generic_x86/sepolicy/qemud.te
deleted file mode 100644
index 4ff02ec..0000000
--- a/target/board/generic_x86/sepolicy/qemud.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# qemu support daemon
-type qemud, domain;
-type qemud_exec, exec_type, file_type;
-
-init_daemon_domain(qemud)
-unconfined_domain(qemud)
diff --git a/target/board/generic_x86/sepolicy/rild.te b/target/board/generic_x86/sepolicy/rild.te
deleted file mode 100644
index e148b6c..0000000
--- a/target/board/generic_x86/sepolicy/rild.te
+++ /dev/null
@@ -1 +0,0 @@
-unix_socket_connect(rild, qemud, qemud)
diff --git a/target/board/generic_x86/sepolicy/shell.te b/target/board/generic_x86/sepolicy/shell.te
deleted file mode 100644
index b246d7e..0000000
--- a/target/board/generic_x86/sepolicy/shell.te
+++ /dev/null
@@ -1 +0,0 @@
-allow shell serial_device:chr_file rw_file_perms;
diff --git a/target/board/generic_x86/sepolicy/system_server.te b/target/board/generic_x86/sepolicy/system_server.te
index 0ede971..5d98a14 100644
--- a/target/board/generic_x86/sepolicy/system_server.te
+++ b/target/board/generic_x86/sepolicy/system_server.te
@@ -1,2 +1 @@
 allow system_server self:process execmem;
-unix_socket_connect(system_server, qemud, qemud) |