Skip to content
Snippets Groups Projects
Commit ae49e7a3 authored by Nick Kralevich's avatar Nick Kralevich Committed by Gerrit Code Review
Browse files

Merge "Confine tee, but leave it permissive for now."

parents 6ce3d60c 72a47459
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 6 additions and 1 deletion
tee.te
+ 6
1
View file @ ae49e7a3
...@@ -2,9 +2,14 @@ ...@@ -2,9 +2,14 @@
# trusted execution environment (tee) daemon # trusted execution environment (tee) daemon
# #
type tee, domain; type tee, domain;
permissive tee;
type tee_exec, exec_type, file_type; type tee_exec, exec_type, file_type;
type tee_device, dev_type; type tee_device, dev_type;
type tee_data_file, file_type, data_file_type; type tee_data_file, file_type, data_file_type;
unconfined_domain(tee)
init_daemon_domain(tee) init_daemon_domain(tee)
allow tee self:capability { dac_override };
allow tee tee_device:chr_file rw_file_perms;
allow tee tee_data_file:dir rw_dir_perms;
allow tee tee_data_file:file create_file_perms;
allow tee self:netlink_socket { create bind read };
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment