sepolicy: add rule for cne logging
add a rule for allow enabling cne debug logging. Change-Id: I266b224cf1af720f664f504019f0098d7d258712
This commit is contained in:
Boxiang Pan
committed by
Gerrit - the friendly Code Review server
Gerrit - the friendly Code Review server
parent
f9737d1a54
commit
b00e855871
@@ -5,6 +5,7 @@ file_type_auto_trans(cnd, socket_device, cnd_socket);
|
||||
|
||||
# cnd is started by init, type transit from init domain to cnd domain
|
||||
init_daemon_domain(cnd)
|
||||
type_transition cnd system_data_file:{ file } cnd_data_file;
|
||||
# associate netdomain as an attribute of cnd domain
|
||||
net_domain(cnd)
|
||||
|
||||
@@ -31,7 +32,7 @@ allow cnd init:unix_stream_socket connectto;
|
||||
allow cnd kernel:system module_request;
|
||||
|
||||
# allow cnd to access cnd_data_file
|
||||
allow cnd cnd_data_file:file create_file_perms;
|
||||
allow cnd cnd_data_file:file { create_file_perms execute };
|
||||
allow cnd cnd_data_file:sock_file { unlink create setattr };
|
||||
allow cnd cnd_data_file:dir { open read write add_name remove_name search };
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ type pps_socket, file_type;
|
||||
|
||||
# Define cnd socket and data file type
|
||||
type cnd_socket, file_type;
|
||||
type cnd_data_file, file_type;
|
||||
type cnd_data_file, data_file_type;
|
||||
|
||||
# Define dpmd data file type
|
||||
type dpmd_socket, file_type;
|
||||
|
||||
Reference in New Issue
Block a user