Merge "Add neverallow rules further restricing service_manager."

commit: c0088b8064318210e775555ff4634994f7ab9e34 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Mon Jul 07 19:54:34 2014 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Jul 07 17:50:18 2014 +0000
tree: b9b19ebf4db475bfb1da04eedfa76ee154881a0c
parent: b8bdfde3d0d23f4730155bba807276eb06a3aa48 [diff]
parent: 76206abc9f5140e85da2d4e4845eca2c4f3a6ad5 [diff]
diff --git a/ueventd.te b/ueventd.te
index 25460de..7d60c5a 100644
--- a/ueventd.te
+++ b/ueventd.te

@@ -10,7 +10,8 @@
 allow ueventd device:file create_file_perms;
 allow ueventd device:chr_file rw_file_perms;
 allow ueventd sysfs:file rw_file_perms;
-allow ueventd sysfs_type:file { relabelfrom relabelto setattr };
+allow ueventd sysfs_type:file { relabelfrom relabelto setattr getattr };
+allow ueventd sysfs_type:dir { relabelfrom relabelto setattr r_dir_perms };
 allow ueventd sysfs_devices_system_cpu:file rw_file_perms;
 allow ueventd tmpfs:chr_file rw_file_perms;
 allow ueventd dev_type:dir create_dir_perms;
commit	c0088b8064318210e775555ff4634994f7ab9e34	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Mon Jul 07 19:54:34 2014 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Mon Jul 07 17:50:18 2014 +0000
tree	b9b19ebf4db475bfb1da04eedfa76ee154881a0c
parent	b8bdfde3d0d23f4730155bba807276eb06a3aa48 [diff]
parent	76206abc9f5140e85da2d4e4845eca2c4f3a6ad5 [diff]