From b1eee63ebf2a4e7d34922d15a1028bbbdcca9016 Mon Sep 17 00:00:00 2001
From: nailyk-fr
Date: Sun, 23 Apr 2017 21:54:08 +0200
Subject: shinano-common: sepolicy: Reorganise policies
* No policies added or removed, only moved between files to improve se linux management.
Change-Id: Ifa7cb9ce84f75c99f2d96dd0a71ced26f2580ba9
---
 sepolicy/idd.te | 48 +++++++++++++++++-------------------------------
 1 file changed, 17 insertions(+), 31 deletions(-)
(limited to 'sepolicy/idd.te')
diff --git a/sepolicy/idd.te b/sepolicy/idd.te
index 1a59cc4..df2eb1c 100644
--- a/sepolicy/idd.te
+++ b/sepolicy/idd.te
@@ -1,46 +1,32 @@ -type iddd, domain; +# iddd daemon +type iddd, domain; -type iddd_exec, exec_type, file_type; +type iddd_exec, exec_type, file_type; init_daemon_domain(iddd) +type_transition iddd system_data_file:file iddd_file; + allow iddd self:socket create_socket_perms; +allow iddd iddd_file:sock_file { create setattr unlink write }; + allow iddd iddd_file:fifo_file rw_file_perms; allow iddd iddd_file:file rw_file_perms; -allow iddd iddd_file:dir rw_file_perms; -allow iddd iddd_file:dir { add_name remove_name search }; allow iddd iddd_file:file { create rename unlink }; -allow iddd iddd_file:sock_file { create setattr unlink write }; - - -type_transition iddd system_data_file:file iddd_file; - -type credmgr, domain; -type credmgr_exec, exec_type, file_type; -init_daemon_domain(credmgr); - - -type scd, domain; -type scd_exec, exec_type, file_type; -type scd_data, file_type; -init_daemon_domain(scd) +allow iddd iddd_file:dir rw_file_perms; +allow iddd iddd_file:dir { add_name create remove_name search }; -type wv,domain; -type wv_exec, exec_type, file_type; -init_daemon_domain(wv) +# TODO: label the right way / Allow context change +allow iddd system_file:file execute_no_trans; +allow iddd iddd_exec:file execute_no_trans; -#iddd logd +# Allow iddd send to logd allow iddd logd:unix_stream_socket connectto; allow iddd logdr_socket:sock_file write; -#============= system_server ============== -allow system_server credmgr_exec:dir search; -allow system_server credmgr_exec:file { getattr open read }; -allow system_server iddd_exec:dir search; -allow system_server iddd_exec:file { getattr open read }; +# Allow file system create (we use tmpfs now) allow iddd tmpfs:lnk_file read; -#============= iddd ============== -allow iddd iddd_exec:file execute_no_trans; -allow iddd iddd_file:dir create; +allow iddd tmpfs:dir search; + +# Allow proc socket search allow iddd proc:file { getattr open read }; -allow iddd tmpfs:dir search; -- cgit v1.2.3
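Review bot: The block under `# TODO: label the right way / Allow context change` on the new side grants `allow iddd system_file:file execute_no_trans;`, which lets iddd run any system_file-labelled binary inside its own domain instead of transitioning to a dedicated one; because this diff is limited to sepolicy/idd.te, the hunk cannot confirm that the rule was merely moved here rather than introduced (which the message says did not happen), so the comment should name the executable that needs it and the intended end state, e.g. `# TODO: <binary> is still labelled system_file; give it its own exec label and a domain transition instead of execute_no_trans`. Two other new comments do not describe the rules beneath them: `# Allow file system create (we use tmpfs now)` precedes only `allow iddd tmpfs:lnk_file read;` and `allow iddd tmpfs:dir search;`, and `# Allow proc socket search` precedes `allow iddd proc:file { getattr open read };`, so `# Read symlinks and search directories on tmpfs` and `# Read files under /proc` would be accurate. The removed system_server rules for credmgr_exec and iddd_exec, and the credmgr/scd/wv type declarations, presumably land in other .te files that this file-limited diff does not show.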