| Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 1 | # installer daemon |
| 2 | type installd, domain; |
| 3 | type installd_exec, exec_type, file_type; |
| 4 | |
| 5 | init_daemon_domain(installd) |
| 6 | typeattribute installd mlstrustedsubject; |
| 7 | allow installd self:capability { chown dac_override fowner fsetid setgid setuid }; |
| 8 | allow installd system_data_file:file create_file_perms; |
| 9 | allow installd system_data_file:lnk_file create; |
| 10 | allow installd dalvikcache_data_file:file create_file_perms; |
| 11 | allow installd data_file_type:dir create_dir_perms; |
| 12 | allow installd data_file_type:dir { relabelfrom relabelto }; |
| Haiqing Jiang | f6ca160 | 2012-07-27 13:13:19 -0700 | [diff] [blame] | 13 | allow installd data_file_type:{ file lnk_file } { getattr unlink }; |
| Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 14 | allow installd apk_data_file:file r_file_perms; |
| Stephen Smalley | 59d2803 | 2012-03-19 10:24:52 -0400 | [diff] [blame] | 15 | allow installd apk_tmp_file:file r_file_perms; |
| Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 16 | allow installd system_file:file x_file_perms; |
| 17 | allow installd cgroup:dir create_dir_perms; |
| 18 | dontaudit installd self:capability sys_admin; |
| 19 | # Check validity of SELinux context before use. |
| 20 | selinux_check_context(installd) |
| 21 | # Read /seapp_contexts, presently on the rootfs. |
| 22 | allow installd rootfs:file r_file_perms; |
| rpcraig | 7672eac | 2012-10-22 13:50:01 -0400 | [diff] [blame] | 23 | # ASEC |
| 24 | allow installd platform_app_data_file:lnk_file { create setattr }; |
| 25 | allow installd app_data_file:lnk_file { create setattr }; |
| 26 | allow installd asec_apk_file:file r_file_perms; |
