I want to achieve the result that just allow jd process to open and read /data/audit/log/audit.log. For this target, I add some rules in policy file. And after that, I want to verify my policy. So, I create a test.c to read /data/audit/log/audit.log. Using gcc to build the test.c to executable test.The file test.c and test is in /home/pengfei. ----------------------------------------------------------------- My modify policy are as follows: -- First, add new type in file.te #/data/audit/log/audit.log type sec_file, file_type, data_file_type; #/home/test type jd_exec, file_type; -- add the contexts in the file_contexts /data/audit/log/audit.log u:object_r:sec_file:s0 /home/pengfei/test u:object_r:jd_exec:s0 -- add rule in jd.te allow jd sec_file:file {read, open }; allow jd jd_exec:file rx_file_perms; ------------------------------------------------- How can I verify my policy? Can I create a executable file to imitate jd. How to assign the conte
Please help me. Thanks advance.
_______________________________________________ Seandroid-list mailing list Seandroid-list@tycho.nsa.gov To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov. To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.