summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPraneeth Bajjuri2019-05-08 23:53:51 -0500
committerPraneeth Bajjuri2019-05-09 16:14:20 -0500
commite2702c7374e805f13f22a0a5884bbbb643482e4a (patch)
tree6b4ebd1f0d7e691d4d757905cd922727c3f1fd76
parent114e076c58776e81cc308a8d4c14b4a51345b76f (diff)
downloaddevice-ti-j721e-e2702c7374e805f13f22a0a5884bbbb643482e4a.tar.gz
device-ti-j721e-e2702c7374e805f13f22a0a5884bbbb643482e4a.tar.xz
device-ti-j721e-e2702c7374e805f13f22a0a5884bbbb643482e4a.zip
am65xevm: sepolicy: dontaudit dac_read_search
picked changes from 'commit 88a08af230b58 ("am65xevm: Pulling sepolicies from am57xevm")' Signed-off-by: Praneeth Bajjuri <praneeth@ti.com>
-rw-r--r--sepolicy/init.te1
-rw-r--r--sepolicy/installd.te1
-rw-r--r--sepolicy/lmkd.te1
-rw-r--r--sepolicy/vold.te1
-rw-r--r--sepolicy/zygote.te1
5 files changed, 5 insertions, 0 deletions
diff --git a/sepolicy/init.te b/sepolicy/init.te
index 2329198..6ca3454 100644
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
@@ -9,3 +9,4 @@ allow init configfs:file write;
9allow init configfs:lnk_file { create unlink } ; 9allow init configfs:lnk_file { create unlink } ;
10 10
11dontaudit init proc:file write; 11dontaudit init proc:file write;
12dontaudit init self:capability dac_read_search;
diff --git a/sepolicy/installd.te b/sepolicy/installd.te
new file mode 100644
index 0000000..e0495b8
--- /dev/null
+++ b/sepolicy/installd.te
@@ -0,0 +1 @@
dontaudit installd self:capability dac_read_search;
diff --git a/sepolicy/lmkd.te b/sepolicy/lmkd.te
new file mode 100644
index 0000000..e2d26d5
--- /dev/null
+++ b/sepolicy/lmkd.te
@@ -0,0 +1 @@
dontaudit lmkd self:capability dac_read_search;
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
new file mode 100644
index 0000000..27ec6a0
--- /dev/null
+++ b/sepolicy/vold.te
@@ -0,0 +1 @@
dontaudit vold self:capability dac_read_search;
diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te
new file mode 100644
index 0000000..05f7616
--- /dev/null
+++ b/sepolicy/zygote.te
@@ -0,0 +1 @@
dontaudit zygote self:capability dac_read_search;