Add policy for x86 emulator.

author Stephen Smalley <sds@tycho.nsa.gov>

Fri, 20 Dec 2013 18:26:11 +0000 (13:26 -0500)

committer Stephen Smalley <sds@tycho.nsa.gov>

Fri, 20 Dec 2013 19:33:55 +0000 (14:33 -0500)
author Stephen Smalley <sds@tycho.nsa.gov>
Fri, 20 Dec 2013 18:26:11 +0000 (13:26 -0500)
committer Stephen Smalley <sds@tycho.nsa.gov>
Fri, 20 Dec 2013 19:33:55 +0000 (14:33 -0500)
diff --git a/target/board/generic_x86/BoardConfig.mk b/target/board/generic_x86/BoardConfig.mk

index ed7da38..2381fea 100644 (file)
--- a/target/board/generic_x86/BoardConfig.mk
+++ b/target/board/generic_x86/BoardConfig.mk
@@ -41,3 +41,11 @@ BOARD_CACHEIMAGE_PARTITION_SIZE := 69206016
  BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE := ext4
  BOARD_FLASH_BLOCK_SIZE := 512
  TARGET_USERIMAGES_SPARSE_EXT_DISABLED := true
+
+BOARD_SEPOLICY_DIRS += build/target/board/generic_x86/sepolicy
+BOARD_SEPOLICY_UNION += \
+        domain.te \
+        healthd.te \
+        installd.te \
+        system_server.te \
+        zygote.te
diff --git a/target/board/generic_x86/sepolicy/domain.te b/target/board/generic_x86/sepolicy/domain.te

new file mode 100644 (file)

index 0000000..0bc8d87
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/domain.te
@@ -0,0 +1 @@
+allow domain cpuctl_device:dir search;
diff --git a/target/board/generic_x86/sepolicy/healthd.te b/target/board/generic_x86/sepolicy/healthd.te

new file mode 100644 (file)

index 0000000..95fa807
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/healthd.te
@@ -0,0 +1 @@
+allow healthd self:capability sys_nice;
diff --git a/target/board/generic_x86/sepolicy/installd.te b/target/board/generic_x86/sepolicy/installd.te

new file mode 100644 (file)

index 0000000..7a558b1
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/installd.te
@@ -0,0 +1 @@
+allow installd self:process execmem;
diff --git a/target/board/generic_x86/sepolicy/system_server.te b/target/board/generic_x86/sepolicy/system_server.te

new file mode 100644 (file)

index 0000000..5d98a14
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/system_server.te
@@ -0,0 +1 @@
+allow system_server self:process execmem;
diff --git a/target/board/generic_x86/sepolicy/zygote.te b/target/board/generic_x86/sepolicy/zygote.te

new file mode 100644 (file)

index 0000000..93993a4
--- /dev/null
+++ b/target/board/generic_x86/sepolicy/zygote.te
@@ -0,0 +1,2 @@
+allow zygote self:process execmem;
+allow zygote self:capability sys_nice;
author	Stephen Smalley <sds@tycho.nsa.gov>
	Fri, 20 Dec 2013 18:26:11 +0000 (13:26 -0500)
committer	Stephen Smalley <sds@tycho.nsa.gov>
	Fri, 20 Dec 2013 19:33:55 +0000 (14:33 -0500)
target/board/generic_x86/BoardConfig.mk		patch \| blob \| history
target/board/generic_x86/sepolicy/domain.te	[new file with mode: 0644]	patch \| blob
target/board/generic_x86/sepolicy/healthd.te	[new file with mode: 0644]	patch \| blob
target/board/generic_x86/sepolicy/installd.te	[new file with mode: 0644]	patch \| blob
target/board/generic_x86/sepolicy/system_server.te	[new file with mode: 0644]	patch \| blob
target/board/generic_x86/sepolicy/zygote.te	[new file with mode: 0644]	patch \| blob