Hi,
I have a scenario where a daemon has to read the whole partition. There is no
filesystem on the partition, so I can't provide access to specific files. When
I generate the rule from the denial logs, it comes out as follows:
allow daemon1 block_device:blk_file { read write getattr open ioctl };
It is not a good idea to give any daemon access to the block device. I want
to do the following:
Suppose my partition is /dev/block/mmcblk0N
There is a symlink that points to it, say mylink
mylink->/dev/block/mmcblk0N
Would it be possible to apply a label to the symlink
/path/mylink <mylabel>
and then write the rule
allow daemon1 mylabel:blk_file { read write getattr open ioctl };
Could there be any issue with this?
Thanks,
Dinesh
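
Added example, not part of the original post: SELinux checks blk_file permissions against the label of the device node that is actually opened, while a label placed on a symlink only governs the link itself (class lnk_file). The sketch below gives the partition node its own type instead of the generic block_device, reusing the post's names; the file names, the dev_type attribute and the u:object_r:...:s0 context format follow AOSP conventions and are assumptions here.

```selinux
# --- daemon1.te (hypothetical file name) ---
# Dedicated type for the single partition the daemon needs.
# "mylabel" and "daemon1" are the names used in the post.
type mylabel, dev_type;

# Grant access on the partition's own type only; the generic
# block_device type stays inaccessible to daemon1.
allow daemon1 mylabel:blk_file { read write getattr open ioctl };

# Only needed if the daemon opens the partition through the symlink:
# following a link is checked against the link's own label, class lnk_file.
# <type_of_mylink> is a placeholder for whatever type the link carries.
# allow daemon1 <type_of_mylink>:lnk_file read;

# --- file_contexts ---
# Label the device node itself, not the symlink. "N" is left as in the post.
/dev/block/mmcblk0N    u:object_r:mylabel:s0
```

After the node is relabelled, `ls -Z /dev/block/mmcblk0N` should show mylabel, and new denials for daemon1 should reference tcontext mylabel rather than block_device.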
_______________________________________________
Seandroid-list mailing list