Yes, you are correct. That mount point needs a label and the security context should be set. Bryan Hinton On Mon, Mar 5, 2012 at 8:42 PM, Subramani Venkatesh <selinuxv31@xxxxxxxxx> wrote: > Hi Bryan, > Thanks for the patch you posted earlier, I tried adding your changes, > some changes works, some did not take effect for example > "+/factory/nv_data.bin.* u:object_r:radio_data_file:s0", I > am seeing /factory directory as unlabeled, not sure what I am missing, > do we need to do any change to init.rc file? > > Regards, > Subbu > > > > > > On Fri, Mar 2, 2012 at 5:16 PM, Bryan Hinton <bryan@xxxxxxxxxxxxxxx> wrote: >> I agree. A per-device file_contexts file makes sense given the >> variation in radio types between ICS based devices. >> >> On Fri, Mar 2, 2012 at 2:26 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: >>> On Fri, 2012-03-02 at 11:51 -0600, Bryan Hinton wrote: >>>> Here is the latest policy that I am using. >>> >>> BTW, I think we will ultimately need some per-device policy files that >>> get merged into the policy, much as there are per-device >>> ueventd.<board>.rc and init.<board>.rc files. At least for >>> file_contexts, and possibly for policy rules as well. >>> >>> -- >>> Stephen Smalley >>> National Security Agency >>> -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.