Merge changes Icd71c967,I3fd90ad9 * changes: Do not permit appdomain to create/write to download_file. Remove duplicated rules between appdomain and isolated_app.

commit: d1f448d4a53f87ae416aeb84ecf21bb703cc4c80 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Fri Sep 13 19:59:46 2013 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Sep 13 19:59:47 2013 +0000
tree: 571c59a36a99d664a9bc539bac12b33a3bab658d
parent: 29326eda65b121fe0edbbae43bc463af17aaed9b [diff]
parent: 17454cf805748a8792608a44bbfddb00fb918841 [diff]
diff --git a/domain.te b/domain.te
index 7c9e7a6..3db35d7 100644
--- a/domain.te
+++ b/domain.te

@@ -103,9 +103,8 @@
 # For /sys/qemu_trace files in the emulator.
 bool in_qemu false;
 if (in_qemu) {
-allow domain sysfs:file rw_file_perms;
-}
 allow domain sysfs_writable:file rw_file_perms;
+}
 
 # Read access to pseudo filesystems.
 r_dir_file(domain, proc)

diff --git a/file_contexts b/file_contexts
index 81b9da9..a70ab83 100644
--- a/file_contexts
+++ b/file_contexts

@@ -208,7 +208,7 @@
 #############################
 # sysfs files
 #
-/sys/qemu_trace/process_name	--	u:object_r:sysfs_writable:s0
+/sys/qemu_trace(/.*)?	--	u:object_r:sysfs_writable:s0
 /sys/devices/platform/nfc-power/nfc_power -- u:object_r:sysfs_nfc_power_writable:s0
 /sys/class/rfkill/rfkill[0-9]*/state -- u:object_r:sysfs_bluetooth_writable:s0
 /sys/class/rfkill/rfkill[0-9]*/type -- u:object_r:sysfs_bluetooth_writable:s0
commit	d1f448d4a53f87ae416aeb84ecf21bb703cc4c80	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Fri Sep 13 19:59:46 2013 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Fri Sep 13 19:59:47 2013 +0000
tree	571c59a36a99d664a9bc539bac12b33a3bab658d
parent	29326eda65b121fe0edbbae43bc463af17aaed9b [diff]
parent	17454cf805748a8792608a44bbfddb00fb918841 [diff]