ueventd: Add policy support for ueventd labeling changes
Currently, ueventd only modifies the SELinux label on a file if the entry exists in /ueventd.rc. Add policy support to enable an independent restorecon_recursive whenever a uevent message occurs. Change-Id: I0ccb5395ec0be9282095b844a5022e8c0d8903ac
This commit is contained in:
parent
5b2ed83357
commit
b8bdfde3d0
@ -10,7 +10,8 @@ allow ueventd self:capability { chown mknod net_admin setgid fsetid sys_rawio da
|
||||
allow ueventd device:file create_file_perms;
|
||||
allow ueventd device:chr_file rw_file_perms;
|
||||
allow ueventd sysfs:file rw_file_perms;
|
||||
allow ueventd sysfs_type:file { relabelfrom relabelto setattr };
|
||||
allow ueventd sysfs_type:file { relabelfrom relabelto setattr getattr };
|
||||
allow ueventd sysfs_type:dir { relabelfrom relabelto setattr r_dir_perms };
|
||||
allow ueventd sysfs_devices_system_cpu:file rw_file_perms;
|
||||
allow ueventd tmpfs:chr_file rw_file_perms;
|
||||
allow ueventd dev_type:dir create_dir_perms;
|
||||
|
Loading…
Reference in New Issue
Block a user