Commit bc2b76b0 authored by Jeff Vander Stoep

kernel: grant perms from domain_deprecated

In preparation of removing permissions from domain_deprecated.

Addresses:
avc: denied { read } for name="enforce" dev="selinuxfs" ino=4 scontext=u:r:kernel:s0 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/fs/selinux/enforce" dev="selinuxfs" ino=4 scontext=u:r:kernel:s0 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1
avc: denied { read } for name="selinux_version" dev="rootfs" ino=4765 scontext=u:r:kernel:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
avc: denied { open } for path="/selinux_version" dev="rootfs" ino=4765 scontext=u:r:kernel:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
avc: denied { getattr } for path="/selinux_version" dev="rootfs" ino=4765 scontext=u:r:kernel:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1

Change-Id: I62cbffe85941677283d3b7bf8fc1c437671569a3
parent cdae042a
...@@ -3,6 +3,15 @@ type kernel, domain, domain_deprecated, mlstrustedsubject; ...@@ -3,6 +3,15 @@ type kernel, domain, domain_deprecated, mlstrustedsubject;
allow kernel self:capability sys_nice; allow kernel self:capability sys_nice;
# Root fs.
allow kernel rootfs:dir r_dir_perms;
allow kernel rootfs:file r_file_perms;
allow kernel rootfs:lnk_file r_file_perms;
# Get SELinux enforcing status.
allow kernel selinuxfs:dir r_dir_perms;
allow kernel selinuxfs:file r_file_perms;
# Allow init relabel itself. # Allow init relabel itself.
allow kernel rootfs:file relabelfrom; allow kernel rootfs:file relabelfrom;
allow kernel init_exec:file relabelto; allow kernel init_exec:file relabelto;
......
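Review bot: the added rules for rootfs:dir, rootfs:lnk_file and selinuxfs:dir go beyond what the commit message documents; all five listed denials are tclass=file (read/open on /sys/fs/selinux/enforce, and read/open/getattr on /selinux_version). If these three rules are being carried over from domain_deprecated for parity, say so in the commit message or include the corresponding denials; otherwise consider dropping them so the kernel domain only receives the file-class access that was actually observed. The "# Root fs." comment could also state why the kernel reads rootfs, the way "# Get SELinux enforcing status." does for selinuxfs.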