aboutsummaryrefslogtreecommitdiff
path: root/sepolicy/credmgrd.te
diff options
context:
space:
mode:
Diffstat (limited to 'sepolicy/credmgrd.te')
-rw-r--r--sepolicy/credmgrd.te10
1 files changed, 5 insertions, 5 deletions
diff --git a/sepolicy/credmgrd.te b/sepolicy/credmgrd.te
index 929a2ab..662b76d 100644
--- a/sepolicy/credmgrd.te
+++ b/sepolicy/credmgrd.te
@@ -61,15 +61,15 @@ allow credmgrd ion_device:chr_file { ioctl open read };
#============= credmgr init script ==============
allow credmgrd cache_file:dir { add_name search };
-allow credmgrd cache_file:file { create getattr open read unlink write };
-allow credmgrd credmgrd_data_file:dir { getattr relabelto reparent rename rmdir search };
-allow credmgrd devpts:chr_file { getattr ioctl open read write };
+allow credmgrd credmgrd_data_file:dir { add_name getattr relabelto reparent rename rmdir search };
+allow credmgrd credmgrd_data_file:file { append getattr open read unlink write };
+allow credmgrd credmgrd_prop:property_service set;
+allow credmgrd init:unix_stream_socket connectto;
allow credmgrd property_socket:sock_file write;
allow credmgrd shell_exec:file { getattr read };
-allow credmgrd system_data_file:dir { add_name remove_name write };
allow credmgrd system_file:file execute_no_trans;
allow credmgrd system_prop:property_service set;
-allow credmgrd system_data_file:dir { create relabelfrom setattr };
+allow credmgrd system_data_file:dir { add_name create relabelfrom remove_name setattr write };
#TODO: wrong labeled on dest socket?
allow credmgrd init:unix_stream_socket connectto;
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-26 10:50:03 +0000