On Mon, 2012-07-23 at 10:22 -0700, Haiqing Jiang wrote:
> From: hqjiang <hqjiang1988@xxxxxxxxx>
>
> ---
> installd.te | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
Applied. However notice that you could have done this more generally by
using the data_file_type attribute or even combining into the earlier
rule, e.g.
-allow installd data_file_type:file { getattr unlink };
+allow installd data_file_type:{ file lnk_file } { getattr unlink };
>
> diff --git a/installd.te b/installd.te
> index 466125e..ce9122b 100644
> --- a/installd.te
> +++ b/installd.te
> @@ -20,3 +20,5 @@ dontaudit installd self:capability sys_admin;
> selinux_check_context(installd)
> # Read /seapp_contexts, presently on the rootfs.
> allow installd rootfs:file r_file_perms;
> +# Unlink app_data_file
> +allow installd app_data_file:lnk_file unlink;
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
