287 files changed, 177798 insertions, 0 deletions
diff --git a/sepolicy/imageserver.te b/sepolicy/imageserver.te new file mode 100644 index 0000000..4f68d0e --- a/dev/null +++ b/sepolicy/imageserver.te @@ -0,0 +1,44 @@ +type imageserver, domain; +type imageserver_exec, exec_type, vendor_file_type, file_type; + +typeattribute imageserver mlstrustedsubject; + +init_daemon_domain(imageserver) + +allow imageserver vendor_file:file { execute }; + +#allow imageserver shell_exec:file rx_file_perms; +#allow imageserver system_file:file execute_no_trans; + +#allow imageserver imageserver_service:service_manager add; + +#allow imageserver imageserver_exec:file { entrypoint read }; + +#allow imageserver self:process execmem; + +#binder_use(imageserver); +#binder_call(imageserver, binderservicedomain) +#binder_call(imageserver, appdomain) +#binder_service(imageserver) + +#allow imageserver self:capability dac_override; +#allow imageserver self:capability dac_read_search; + +#allow imageserver appdomain:file { r_file_perms }; +#allow imageserver fuse:dir r_dir_perms; +#allow imageserver fuse:file r_file_perms; +#allow imageserver app_data_file:file rw_file_perms; +#allow imageserver system_file:file execmod; + +#allow imageserver app_data_file:dir search; + +#allow imageserver system_control_service:service_manager find; + +#allow imageserver { mnt_user_file storage_file }:dir { getattr search }; +#allow imageserver { mnt_user_file storage_file }:lnk_file { getattr read }; +#allow imageserver permission_service:service_manager find; + +#allow imageserver picture_device:chr_file { read write open ioctl }; +#allow imageserver kernel:system module_request; + +#allow imageserver tmpfs:dir { getattr search }; |