Re: [PATCH] (SCH-i515 US LTE) Added device specific policy and file context files.[PUBLIC DOMAIN]

Comments below.

On Thu, Mar 8, 2012 at 9:53 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On Thu, 2012-03-08 at 10:48 -0500, Stephen Smalley wrote:
>> On Tue, 2012-03-06 at 19:28 -0600, Bryan Hinton wrote:
>> > Change-Id: Iaf0aa012e48dd3084aae6f57c25a022b210308ff
>> > ---
>> >  sepolicy.fc |   13 +++++++++++++
>> >  sepolicy.te |    4 ++++
>> >  2 files changed, 17 insertions(+), 0 deletions(-)
>> >  create mode 100644 sepolicy.fc
>> >  create mode 100644 sepolicy.te
>> >
>> > diff --git a/sepolicy.fc b/sepolicy.fc
>> > new file mode 100644
>> > index 0000000..b2f612b
>> > --- /dev/null
>> > +++ b/sepolicy.fc
>> > @@ -0,0 +1,13 @@
>> > +/dev/cdma_.*   u:object_r:radio_device:s0
>> > +/dev/lte_.*    u:object_r:radio_device:s0
>> > +
>> > +/dev/ttyO3     u:object_r:nfc_device:s0
>> > +
>> > +/data/data/com.android.providers.telephony/databases(/.*)? u:object_r:radio_data_file:s0
>> > +/data/data/com.android.providers.telephony/optable.db    u:object_r:radio_data_file:s0
>> > +
>> > +/data/radio/nv_data.bin.*  u:object_r:radio_data_file:s0
>> > +/factory(/.*)?             u:object_r:efs_file:s0
>> > +/factory/nv_data.bin.*     u:object_r:radio_data_file:s0
>> > +
>> > +/sys/devices/platform/nfc-power/nfc_power -- u:object_r:sysfs_nfc_power_writable:s0
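Review bot: the dots in /data/radio/nv_data.bin.*, /factory/nv_data.bin.* and /data/data/com.android.providers.telephony/optable.db are unescaped, and since file_contexts paths are regular expressions each one matches any character rather than a literal dot. Escaping them (for example nv_data\.bin.* and optable\.db) keeps the entries from matching unintended file names. Separately, /factory(/.*)? and /factory/nv_data.bin.* overlap with different types (efs_file versus radio_data_file), so a short comment stating which label is meant to apply to nv_data.bin under /factory would help the next reader.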
>>
>> I was thinking some of these could go into the base file_contexts and
>> only the ones that are truly unique to this device would go here.  In
>> particular, /data/data/com.android.providers.telephony seems to be a
>> standard part of Android.  Not sure about the rest.  If the device or
>> file name is relatively standard and would apply to more than one
>> device, then we can add it to file_contexts.  If it is truly unique to
>> that one device or might refer to something completely different on a
>> different device (as with tty03), then it should stay in the per-device
>> file.
>
> Actually, the /data/data/com.android.providers.telephony directory is
> already labeled radio_data_file because it has the radio UID and
> seapp_contexts specifies radio_data_file for user=radio.  So I don't
> believe you need those entries at all.
The files within the com.android.providers.telephony subdirectory were
not getting labeled. However, I will rebuild and retest.


> --
> Stephen Smalley
> National Security Agency
>


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

