Target the denials/policies over qtaguid file and device: 1. Relabel /proc/net/xt_qtaguid/ctrl from "qtaguid" to "qtaguid_proc"; 2. Label /dev/xt_qtaguid with "qtaguid_device"; 3. Allow mediaserver read/[write] to qtaguid_proc and qtaguid_device; 4. Allow media apps read/[write] to qtaguid_proc and qtaguid_device; 5. Allow system read/[write] to qtaguid_proc and qtaguid_device. Actually, some of policies related to qtaguid have been there already, but we refind existing ones and add new ones.

commit: 4c06d273bc3d278e7061bf93cfa97fdf2a4e8ee3 [log] [tgz]
author: hqjiang <hqjiang1988@gmail.com> Thu Jul 19 11:07:04 2012 -0700
committer: Stephen Smalley <sds@tycho.nsa.gov> Thu Jul 19 16:11:24 2012 -0400
tree: af422127e590840b7dd3f4c0adb2f4346758c15d
parent: 20d6963ac27b3d401922450ce8dcb89749c20404 [diff] [blame]
diff --git a/file_contexts b/file_contexts
index 39c4363..f7abbb7 100644
--- a/file_contexts
+++ b/file_contexts

@@ -77,6 +77,7 @@
 /dev/urandom		u:object_r:urandom_device:s0
 /dev/vcs[0-9a-z]*	u:object_r:vcs_device:s0
 /dev/video[0-9]*	u:object_r:video_device:s0
+/dev/xt_qtaguid	u:object_r:qtaguid_device:s0
 /dev/zero		u:object_r:zero_device:s0
 #############################
 # System files
commit	4c06d273bc3d278e7061bf93cfa97fdf2a4e8ee3	[log] [tgz]
author	hqjiang <hqjiang1988@gmail.com>	Thu Jul 19 11:07:04 2012 -0700
committer	Stephen Smalley <sds@tycho.nsa.gov>	Thu Jul 19 16:11:24 2012 -0400
tree	af422127e590840b7dd3f4c0adb2f4346758c15d
parent	20d6963ac27b3d401922450ce8dcb89749c20404 [diff] [blame]