# installer daemon
#
# Type enforcement rules for the installd domain. Every macro and permission
# set used below (init_daemon_domain, relabelto_domain, create_file_perms,
# create_dir_perms, r_file_perms, x_file_perms, r_dir_perms, file_class_set,
# selinux_check_context, security_access_policy) is defined outside this
# file, so the exact permissions each one expands to must be checked there.

# Process type for the daemon, carrying the domain attribute.
type installd, domain;
# Type for the daemon executable, carrying exec_type and file_type.
type installd_exec, exec_type, file_type;

# NOTE(review): presumably sets up the init -> installd transition on
# executing installd_exec; macro body is not visible here - confirm.
init_daemon_domain(installd)
# NOTE(review): macro body not visible; the relabelfrom/relabelto grant that
# is visible in this file is the data_file_type:dir rule further down.
relabelto_domain(installd)
# Adds the mlstrustedsubject attribute to installd. The MLS constraints that
# consult this attribute are not part of this file; by convention it exempts
# the subject from MLS restrictions, so installd should be assumed able to
# act across app categories/levels - confirm against the constraint file.
typeattribute installd mlstrustedsubject;
# DAC-related capabilities. dac_override and fowner let the process bypass
# file mode and ownership checks, and chown/setuid/setgid let it change
# identities, so the SELinux allow rules below are the effective limit on
# which files installd can touch.
allow installd self:capability { chown dac_override fowner fsetid setgid setuid };
allow installd system_data_file:file create_file_perms;
allow installd system_data_file:lnk_file create;
allow installd dalvikcache_data_file:file create_file_perms;
# The next three rules target data_file_type rather than a single type.
# NOTE(review): data_file_type looks like an attribute; if so, these grants
# (directory create/manage, directory relabeling, getattr/unlink on every
# class in file_class_set) automatically extend to any type that is later
# given that attribute. Worth re-checking whenever a new data type is added.
allow installd data_file_type:dir create_dir_perms;
allow installd data_file_type:dir { relabelfrom relabelto };
allow installd data_file_type:{ file_class_set } { getattr unlink };
# Read-only access to installed and staged package files.
allow installd apk_data_file:file r_file_perms;
allow installd apk_tmp_file:file r_file_perms;
# Execute permission on files labeled system_file.
allow installd system_file:file x_file_perms;
allow installd cgroup:dir create_dir_perms;
# Download area: read directories and remove entries; files may be read and
# unlinked. No create or add_name permission is granted here.
allow installd download_file:dir { r_dir_perms write remove_name };
allow installd download_file:file { r_file_perms unlink };
# dontaudit does not grant sys_admin; it only suppresses the denial record.
# Consequence for monitoring: sys_admin attempts by installd will not show
# up in the audit log unless dontaudit rules are disabled in the loaded
# policy.
dontaudit installd self:capability sys_admin;
# Check validity of SELinux context before use.
selinux_check_context(installd)
# Read /seapp_contexts and /data/security/seapp_contexts
security_access_policy(installd)
# ASEC
# Symlink creation (create + setattr on lnk_file) inside each per-app data
# type, plus read access to files labeled asec_apk_file.
# NOTE(review): each new app data type needs its own lnk_file line here; the
# list is maintained by hand, so keep it limited to types that need it.
allow installd platform_app_data_file:lnk_file { create setattr };
allow installd app_data_file:lnk_file { create setattr };
allow installd asec_apk_file:file r_file_perms;
allow installd bluetooth_data_file:lnk_file { create setattr };
allow installd nfc_data_file:lnk_file { create setattr };
allow installd radio_data_file:lnk_file { create setattr };
allow installd shell_data_file:lnk_file { create setattr };