Switch the qemud domain from unconfined_domain() to
permissive_or_unconfined() so that we can start collecting and
addressing denials in -userdebug/-eng builds.
Also allow access to the serial device.
Change-Id: I9c7a6ddc8c2e64bfc6c5bb896eed1729ab205d60
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
type qemud_exec, exec_type, file_type;
init_daemon_domain(qemud)
-unconfined_domain(qemud)
+permissive_or_unconfined(qemud)
+
+# Access /dev/ttyS1.
+allow qemud serial_device:chr_file rw_file_perms;