Skip to content
Snippets Groups Projects
Commit fd783d1b authored by Nick Kralevich's avatar Nick Kralevich Committed by Gerrit Code Review
Browse files

Merge "Audit accesses on unlabeled files."

parents 5bbdb533 25628434
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
app.te
+ 1
0
View file @ fd783d1b
......@@ -126,6 +126,7 @@ allow appdomain dalvikcache_profiles_data_file:file write;
# For legacy unlabeled userdata on existing devices.
# See discussion of Unlabeled files in domain.te for more information.
allow appdomain unlabeled:file x_file_perms;
auditallow appdomain unlabeled:file x_file_perms;
###
### CTS-specific rules
......
domain.te
+ 3
0
View file @ fd783d1b
......@@ -154,6 +154,9 @@ allow domain { asec_public_file asec_apk_file }:dir r_dir_perms;
#
allow domain unlabeled:notdevfile_class_set { create_file_perms relabelfrom };
allow domain unlabeled:dir { create_dir_perms relabelfrom };
auditallow { domain -init } unlabeled:notdevfile_class_set { create_file_perms relabelfrom };
auditallow { domain -init -kernel } unlabeled:dir { create_dir_perms relabelfrom };
auditallow kernel unlabeled:dir ~search;
neverallow { domain -relabeltodomain } *:dir_file_class_set relabelto;
###
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment