On Wed, 2017-08-02 at 09:14 -0700, John Locke wrote:
> My understanding was that since domain is an attribute if I create a
> new domain of type "domain" I should get the same permissions as
> defined in domain.te. One of the allow rules in domain.te is to allow
> writing to logd but I find that unless I duplicate the same rule in
> my own te file I get a violation reported about this. Am I missing
> something here?

If you mean that you defined a new type and assigned it the domain
attribute, ala:

    type my_type, domain;

then yes, it should inherit the allow rules defined on the domain
attribute automatically.

You'd need to provide more specifics to diagnose if you aren't seeing
that behavior, e.g. your actual .te file or relevant snippets, and the
rule you think ought to be inherited from domain.te.

Are you using AOSP master or a particular release/branch?
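
Added example, not part of the original message and not AOSP code: a small Python model of how an allow rule written on an attribute reaches every type that carries it, and how a type declared without the attribute misses it. The policy text and the names example_log_socket, other_type and late_type are constructed for illustration, and the parser covers only simple type, typeattribute and allow statements.

```python
import re

# Constructed sample policy, not AOSP's domain.te. All type names are hypothetical.
SAMPLE_POLICY = """
attribute domain;
type example_log_socket;
type my_type, domain;
type other_type;                       # declared without the attribute
type late_type;
typeattribute late_type domain;        # attribute attached after declaration
allow domain example_log_socket:sock_file write;
allow other_type self:process { fork sigchld };
"""

TYPE_RE = re.compile(r"type\s+(\w+)((?:\s*,\s*\w+)*)\s*;")
TYPEATTR_RE = re.compile(r"typeattribute\s+(\w+)\s+(\w+(?:\s*,\s*\w+)*)\s*;")
ALLOW_RE = re.compile(r"allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")

def parse(policy):
    """Return ({type: set(attributes)}, [(source, target, class, perms)])."""
    attrs_of, rules = {}, []
    for raw in policy.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if m := TYPE_RE.fullmatch(line):
            attrs_of.setdefault(m.group(1), set()).update(re.findall(r"\w+", m.group(2)))
        elif m := TYPEATTR_RE.fullmatch(line):
            attrs_of.setdefault(m.group(1), set()).update(re.findall(r"\w+", m.group(2)))
        elif m := ALLOW_RE.fullmatch(line):
            perms = set((m.group(4) or m.group(5)).split())
            rules.append((m.group(1), m.group(2), m.group(3), perms))
    return attrs_of, rules

def is_allowed(policy, source, target, tclass, perm):
    """True if an allow rule on the source type or one of its attributes grants perm."""
    attrs_of, rules = parse(policy)
    sources = {source} | attrs_of.get(source, set())
    targets = {target} | attrs_of.get(target, set())
    if source == target:
        targets.add("self")                   # "self" stands for the source type
    return any(s in sources and t in targets and c == tclass and perm in p
               for s, t, c, p in rules)

if __name__ == "__main__":
    for t in ("my_type", "late_type", "other_type"):
        print(t, is_allowed(SAMPLE_POLICY, t, "example_log_socket", "sock_file", "write"))
```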