Name-based type transitions are only based on a single component name, not a pathname relative to the root.
type_transition X system_data_file:dir app_1_data_file "dir1"; Also, there is a macro in te_macros, file_type_auto_trans() for regular unnamed file type transitions, but we often do not use it because we prefer to be specific to a particular class and it defines the rule for all non-device file classes. On Sun, Nov 17, 2013 at 3:06 PM, William Roberts <[email protected]> wrote: > > On Nov 17, 2013 11:04 AM, "Jaejyn Shin" <[email protected]> wrote: >> >> Thank you for your comments. These were very helpful. >> >> One more question, >> one application (app_1) created a directory (dir_1) under /data/system >> during run-time >> and I already writed the labeling of dir_1 in the file_context. >> >> /data/system/dir_1(/.*)? u:object_r:app_1_data_file:s0 >> But the /data/system/dir_1 have still system_data_file context >> It can be changed to app_1_data_file after I run "restorecon >> /data/system/dir_1". >> >> How can I label the directory which application create dynamically during >> run-time without running "restorecon" ? >> Is there some useful macro? >> > > No macro, but suppose your application is running as type X > > type_transition X system_data_file:file app_1_data_file; > > But some words of caution: > This will cause all file's to be typ-transitioned if they meet this rule, so > if you have > 5 apps running in context X, you may accidentally transition too many files. > if you create > that directory under init.rc, then the context will get picked up via the > init builtin > and the proper context applied. if app_1 is creating the directory, then you > could type transition the mkdir, and optionally give it a hint: > > No hint: > type_transition X system_data_file:dir app_1_data_file; > > With hint: > type_transition X system_data_file:dir app_1_data_file "system/dir_1"; > > Note that the hint is relative to the mount point. > > Hope it helps > > Bill > > <snip> -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to [email protected] with the words "unsubscribe seandroid-list" without quotes as the message.
