Support for ocontexts per device. ocontexts was split up into 4 files: 1.fs_use 2.genfs_contexts 3.initial_sid_contexts 4.port_contexts Each file has their respective declerations in them. Devices, in their respective device directory, can now specify sepolicy.fs_use, sepolicy.genfs_contexts, sepolicy.port_contexts, and sepolicy.initial_sid_contexts. These declerations will be added right behind their respective sepolicy counterparts in the concatenated configuration file.

commit: dc1072365e99cef38e0d234989ba29e0e2df2b4c [log] [tgz]
author: William Roberts <bill.c.roberts@gmail.com> Wed Jul 11 16:46:38 2012 -0700
committer: Stephen Smalley <sds@tycho.nsa.gov> Thu Jul 12 10:02:45 2012 -0400
tree: ebe6ae75792c81ce495b825a8e6770229f13360c
parent: 96bf5059621cd3903e1a402b2c90dbb652aedf90 [diff] [blame]
diff --git a/genfs_contexts b/genfs_contexts
new file mode 100644
index 0000000..103136c
--- /dev/null
+++ b/genfs_contexts

@@ -0,0 +1,14 @@
+# Label inodes with the fs label.
+genfscon rootfs / u:object_r:rootfs:s0
+# proc labeling can be further refined (longest matching prefix).
+genfscon proc / u:object_r:proc:s0
+genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid:s0
+# selinuxfs booleans can be individually labeled.
+genfscon selinuxfs / u:object_r:selinuxfs:s0
+genfscon cgroup / u:object_r:cgroup:s0
+# sysfs labels can be set by userspace.
+genfscon sysfs / u:object_r:sysfs:s0
+genfscon inotifyfs / u:object_r:inotify:s0
+genfscon vfat / u:object_r:sdcard:s0
+genfscon debugfs / u:object_r:debugfs:s0
+genfscon fuse / u:object_r:sdcard:s0
commit	dc1072365e99cef38e0d234989ba29e0e2df2b4c	[log] [tgz]
author	William Roberts <bill.c.roberts@gmail.com>	Wed Jul 11 16:46:38 2012 -0700
committer	Stephen Smalley <sds@tycho.nsa.gov>	Thu Jul 12 10:02:45 2012 -0400
tree	ebe6ae75792c81ce495b825a8e6770229f13360c
parent	96bf5059621cd3903e1a402b2c90dbb652aedf90 [diff] [blame]