On Tue, Jan 15, 2013 at 9:32 PM, Joshua Brindle <[email protected]> wrote:
> William Roberts wrote: > >> On Tue, Jan 15, 2013 at 6:06 PM, Joshua Brindle<[email protected]> >> wrote: >> >>> William Roberts wrote: >>> >>>> In watchdog.te their is: >>>> >>>> # because of /dev/__kmsg__ and /dev/__null__ >>>> allow watchdogd device:chr_file create_file_perms; >>>> >>>> Would a dynamic type transition not work for this? >>>> >>> >>> Transitions are only hints, you still need full privileges to create the >>> file type and write to the directory or the type transition will fail. >>> >> >> But would it avoid read/write on device:file? >> >> > Oops, missed that that was actually the question. If Robert is right and > they are transient it might be fine to label them watchdog_device and if > they get leaked somehow the next process won't be able to open them. > > > That was the thought for writing the policy that way. > -- > This message was distributed to subscribers of the seandroid-list mailing > list. > If you no longer wish to subscribe, send mail to [email protected] > the words "unsubscribe seandroid-list" without quotes as the message. >
