Re: [PATCH 2/3] external/sepolicy: install daemon link/unlink application data files

You are right. The only required permission is unlink.

On Mon, Jul 23, 2012 at 6:18 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
On Thu, 2012-07-19 at 14:49 -0700, Haiqing Jiang wrote:
> From: hqjiang <hqjiang1988@xxxxxxxxx>
>
> ---
>  installd.te |    2 ++
>  1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/installd.te b/installd.te
> index 466125e..5211f0a 100644
> --- a/installd.te
> +++ b/installd.te
> @@ -20,3 +20,5 @@ dontaudit installd self:capability sys_admin;
>  selinux_check_context(installd)
>  # Read /seapp_contexts, presently on the rootfs.
>  allow installd rootfs:file r_file_perms;
> +# Link/Unlink app_data_file
> +allow installd app_data_file:lnk_file link_file_perms;
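
Review bot: the added rule `allow installd app_data_file:lnk_file link_file_perms;` grants a whole permission macro on the symlink class, while the comment above it names only link and unlink and the patch carries no description of which installd operation was denied. List the individual permissions that were actually denied instead of the macro (the thread settles on unlink alone, i.e. `allow installd app_data_file:lnk_file unlink;`), and reword the `# Link/Unlink app_data_file` comment to match the narrowed rule.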

What actual permissions were required?  link (create a hard link)
doesn't make sense on a symlink (lnk_file).  unlink and rename are
legitimate, but wondering whether anything other than unlink was
required.

--
Stephen Smalley
National Security Agency




--
-----------------------------------
Haiqing Jiang, PH.D student

Computer Science Department, North Carolina State University


