diff options
| author | Tomasz Swierczek <t.swierczek@samsung.com> | 2020-08-07 14:48:53 +0200 |
|---|---|---|
| committer | Tomasz Swierczek <t.swierczek@samsung.com> | 2020-08-07 15:08:29 +0200 |
| commit | 1b8de399cc39ccec8443c2d75929e60917e2975e (patch) | |
| tree | 8a37afda39c6749259afad4d686290f507bf1a38 | |
| parent | 61c4f807d3e2dd5f38c83ab0d3c751daf23853d6 (diff) | |
| download | default-ac-domains-accepted/tizen_6.0_unified.tar.gz default-ac-domains-accepted/tizen_6.0_unified.tar.bz2 default-ac-domains-accepted/tizen_6.0_unified.zip | |
Add internet & appdebugging privilege labels & their policytizen_6.5.m2_releasetizen_6.0.m2_releasesubmit/tizen_base/20210823.195720submit/tizen_6.5_base/20211028.133901submit/tizen_6.0_hotfix/20201103.114804submit/tizen_6.0_hotfix/20201102.192504submit/tizen_6.0/20201029.205104submit/tizen/20200915.110745accepted/tizen/unified/20200916.121706accepted/tizen/base/20210823.065438accepted/tizen/6.5/base/20211028.055200accepted/tizen/6.0/unified/hotfix/20201103.004345accepted/tizen/6.0/unified/20201030.114845tizen_6.5_basetizen_6.0_hotfixtizen_6.0accepted/tizen_unifiedaccepted/tizen_6.5_baseaccepted/tizen_6.0_unified_hotfixaccepted/tizen_6.0_unified
Replacing nether with Smack-based network control requires
new labels that will be associated with network.
Added also policy for system daemons.
Change-Id: Ib06ff1bed4daede5e8aeefbcf8ac9e284b5193c3
| -rw-r--r-- | packaging/default-ac-domains.manifest | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/packaging/default-ac-domains.manifest b/packaging/default-ac-domains.manifest index 1afa633..ea01827 100644 --- a/packaging/default-ac-domains.manifest +++ b/packaging/default-ac-domains.manifest @@ -20,6 +20,44 @@ </permit> </define> <define> + <domain name="System::Privilege::Internet" policy="shared"/> + <request> + <smack request="User" type="w"/> + <smack request="User::Shell" type="w"/> + <smack request="System" type="w"/> + <smack request="System::Privileged" type="w"/> + <smack request="System::TEF" type="w"/> + <smack request="_" type="w"/> + </request> + <permit> + <smack permit="User" type="w"/> + <smack permit="User::Shell" type="w"/> + <smack permit="System" type="w"/> + <smack permit="System::Privileged" type="w"/> + <smack permit="System::TEF" type="w"/> + <smack permit="_" type="w"/> + </permit> + </define> + <define> + <domain name="System::Privilege::AppDebugging" policy="shared"/> + <request> + <smack request="User" type="w"/> + <smack request="User::Shell" type="w"/> + <smack request="System" type="w"/> + <smack request="System::Privileged" type="w"/> + <smack request="System::TEF" type="w"/> + <smack request="_" type="w"/> + </request> + <permit> + <smack permit="User" type="w"/> + <smack permit="User::Shell" type="w"/> + <smack permit="System" type="w"/> + <smack permit="System::Privileged" type="w"/> + <smack permit="System::TEF" type="w"/> + <smack permit="_" type="w"/> + </permit> + </define> + <define> <domain name="System::Privileged" policy="shared"/> <request> <smack request="System" type="rwxat"/> |