Using r_dir_file macro in domain.te r_dir_file(domain, self) allow domain self:dir r_dir_perms; allow domain self:lnk_file r_file_perms; allow domain self:file r_file_perms; te_macros define(`r_dir_file', ` allow $1 $2:dir r_dir_perms; allow $1 $2:{ file lnk_file } r_file_perms; ') Change-Id: I7338f63a1eaa8ca52cd31b51ce841e3dbe46ad4f

commit: 093ea6fb9a284acbce10641f8743de24abd70734 [log] [tgz]
author: SimHyunYong <jonesn5508@gmail.com> Tue Jan 26 16:22:12 2016 +0900
committer: SimHyunYong <jonesn5508@gmail.com> Wed Jan 27 07:54:47 2016 +0900
tree: ec8b4a09740e31eac1218c1a76a65b5dfc072889
parent: cdae042a07cda569f2366cb8f6b0b036f0a8c634 [diff]
diff --git a/domain.te b/domain.te
index 60025fd..6d2eadc 100644
--- a/domain.te
+++ b/domain.te

@@ -24,8 +24,7 @@
 allow domain self:fd use;
 allow domain proc:dir search;
 allow domain proc_net:dir search;
-allow domain self:dir r_dir_perms;
-allow domain self:lnk_file r_file_perms;
+r_dir_file(domain, self)
 allow domain self:{ fifo_file file } rw_file_perms;
 allow domain self:unix_dgram_socket { create_socket_perms sendto };
 allow domain self:unix_stream_socket { create_stream_socket_perms connectto };
commit	093ea6fb9a284acbce10641f8743de24abd70734	[log] [tgz]
author	SimHyunYong <jonesn5508@gmail.com>	Tue Jan 26 16:22:12 2016 +0900
committer	SimHyunYong <jonesn5508@gmail.com>	Wed Jan 27 07:54:47 2016 +0900
tree	ec8b4a09740e31eac1218c1a76a65b5dfc072889
parent	cdae042a07cda569f2366cb8f6b0b036f0a8c634 [diff]