I want to allow only the jd process to open and read
/data/audit/log/audit.log.
For this purpose, I added some rules to the policy file.
After that, I want to verify my policy, so I created a test.c that reads
/data/audit/log/audit.log and used gcc to build test.c into the executable
test. The files test.c and test are in /home/pengfei.
-----------------------------------------------------------------
My policy modifications are as follows:
--
First,
add the new types in file.te
#/data/audit/log/audit.log
type sec_file, file_type, data_file_type;
#/home/test
type jd_exec, file_type;
--
add the contexts in file_contexts
/data/audit/log/audit.log       u:object_r:sec_file:s0
/home/pengfei/test             u:object_r:jd_exec:s0
--
add rule in jd.te
allow jd sec_file:file { read open };
allow jd  jd_exec:file rx_file_perms;
-------------------------------------------------
How can I verify my policy? Can I create an executable file to imitate jd?
How to assign the  conte

Please help me. Thanks in advance.
_______________________________________________
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
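
One shape the test program described above could take, as an added example that is not part of the original post: it prints the security context the process is running in, then tries to open and read the file, so the result can be matched against the domain the allow rule names. The function names and the command-line handling are assumptions.

```c
/* Added example: user-space probe for checking an SELinux allow rule.
 * Assumes a Linux /proc; function names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Copy the caller's security context (for example u:r:jd:s0) into out.
 * Returns 0 on success, else the errno of the failing call. */
int self_context(char *out, size_t len)
{
    int fd = open("/proc/self/attr/current", O_RDONLY);
    if (fd < 0)
        return errno;
    ssize_t n = read(fd, out, len - 1);
    int err = (n < 0) ? errno : 0;
    close(fd);
    if (n < 0)
        return err;
    /* The kernel may append a NUL or a newline; trim both. */
    while (n > 0 && (out[n - 1] == '\0' || out[n - 1] == '\n'))
        n--;
    out[n] = '\0';
    return 0;
}

/* Returns 0 if open(2) and read(2) both succeed, else the errno of the
 * first failing call. A DAC or SELinux denial shows up as EACCES. */
int probe_read(const char *path)
{
    char buf[256];
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return errno;
    int err = (read(fd, buf, sizeof buf) < 0) ? errno : 0;
    close(fd);
    return err;
}

int main(int argc, char **argv)
{
    char ctx[256];
    const char *path = argc > 1 ? argv[1] : "/data/audit/log/audit.log";
    int cerr = self_context(ctx, sizeof ctx);
    printf("process context: %s\n", cerr ? strerror(cerr) : ctx);
    int err = probe_read(path);
    printf("%s: %s\n", path, err ? strerror(err) : "open+read allowed");
    return err ? 1 : 0;
}
```

If the printed context is not the jd domain, the outcome says nothing about the jd rules, because the allow rule only applies to processes running in that domain.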