Yes, you are right. My private files are labeled as <domain>_data_file; thus, the rule r_dir_file(server_domain, domain) works great.
Thanks, Tai On 10/8/13 8:18 AM, "Stephen Smalley" <[email protected]> wrote: >On 10/07/2013 04:45 PM, Tai Nguyen (tainguye) wrote: >> I don't want to give server access to all client files (e.g., client >> private files); I just want to give server access to client's proc >>files. > >Let me try one more time: Only processes and /proc/pid files are >labeled with domain types. Nothing else. So none of the client's other >files are labeled with domain types and thus the server has no access to >any of the client's files other than its /proc/pid files when you grant >r_dir_file(serverdomain, clientdomain). > > > -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to [email protected] with the words "unsubscribe seandroid-list" without quotes as the message.
