run-as policy fixes. - Remove dac_read_search as it is no longer required by run-as. - Introduce a separate type for /dev/tty so that we can allow use of own tty for for a run-as shell without allowing access to other /dev/tty[0-9]* nodes. - Allow sigchld notifications for death of run-as and its descendants by adbd. - Drop redundant rules for executing shell or system commands from untrusted_app; now covered by rules in app.te. Change-Id: Ic3bf7bee9eeabf9ad4a20f61fbb142a64bb37c6c

commit: 74ba8c86137d85285a09780999b79034c7e935b1 [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Fri Apr 05 14:22:27 2013 -0400
committer: repo sync <gcondra@google.com> Fri Apr 05 13:11:12 2013 -0700
tree: 7f0e61df8212d90215a1d9d79d8e942d2f1fe848
parent: ffd8c441a5903772af1705ddea5756d117bc9ec9 [diff] [blame]
diff --git a/file_contexts b/file_contexts
index 1e34bd9..ccbb99a 100644
--- a/file_contexts
+++ b/file_contexts

@@ -101,6 +101,7 @@
 /dev/spdif_out.*	u:object_r:audio_device:s0
 /dev/tegra.*		u:object_r:video_device:s0
 /dev/tf_driver		u:object_r:tee_device:s0
+/dev/tty		u:object_r:owntty_device:s0
 /dev/tty[0-9]*		u:object_r:tty_device:s0
 /dev/ttyS[0-9]*		u:object_r:serial_device:s0
 /dev/tun		u:object_r:tun_device:s0
commit	74ba8c86137d85285a09780999b79034c7e935b1	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Fri Apr 05 14:22:27 2013 -0400
committer	repo sync <gcondra@google.com>	Fri Apr 05 13:11:12 2013 -0700
tree	7f0e61df8212d90215a1d9d79d8e942d2f1fe848
parent	ffd8c441a5903772af1705ddea5756d117bc9ec9 [diff] [blame]