[prev in list] [next in list] [prev in thread] [next in thread] 

List:       selinux
Subject:    Re: [PATCH 1/1] socket permissions to untrusted_app
From:       Stephen Smalley <sds () tycho ! nsa ! gov>
Date:       2012-07-30 12:56:22
Message-ID: 1343652982.2346.20.camel () moss-pluto ! epoch ! ncsc ! mil
[Download RAW message or body]

On Fri, 2012-07-27 at 15:16 -0700, Haiqing Jiang wrote:
> ---
>  app.te |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)

Thanks, applied.  Future work:  Extend SELinux kernel code and policy to
distinguish a separate security class for bluetooth sockets.

> 
> diff --git a/app.te b/app.te
> index be0983f..41866d9 100644
> --- a/app.te
> +++ b/app.te
> @@ -105,7 +105,7 @@ unix_socket_connect(untrusted_app, dnsproxyd, netd)
>  }
>  # Bluetooth access.
>  bool app_bluetooth false;
> -if (app_bluetooth) {
> +if (app_bluetooth or android_cts) {
>  # No specific SELinux class for bluetooth sockets presently.
>  allow untrusted_app self:socket *;
>  }

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
[prev in list] [next in list] [prev in thread] [next in thread]