Add policy for run-as program. Add policy for run-as program and label it in file_contexts. Drop MLS constraints on local socket checks other than create/relabel as this interferes with connections with services, in particular for adb forward. Change-Id: Ib0c4abeb7cbef559e150a620c45a7c31e0531114 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

commit: e8848726553e3abee6033200c98a657c9ca7cdb8 [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Tue Nov 13 13:00:05 2012 -0500
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Nov 27 10:05:42 2012 -0800
tree: 525a1e762f5b6a6bd46223aa82c8edd90c9d0929
parent: fdaa7869a5541b55413f59845dc5f7c56bab0614 [diff] [blame]
diff --git a/file_contexts b/file_contexts
index 43e532a..976783f 100644
--- a/file_contexts
+++ b/file_contexts

@@ -89,6 +89,7 @@
 /system/bin/ash		u:object_r:shell_exec:s0
 /system/bin/mksh	u:object_r:shell_exec:s0
 /system/bin/sh		--	u:object_r:shell_exec:s0
+/system/bin/run-as	--	u:object_r:runas_exec:s0
 /system/bin/app_process	u:object_r:zygote_exec:s0
 /system/bin/servicemanager	u:object_r:servicemanager_exec:s0
 /system/bin/surfaceflinger	u:object_r:surfaceflinger_exec:s0
commit	e8848726553e3abee6033200c98a657c9ca7cdb8	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Tue Nov 13 13:00:05 2012 -0500
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Tue Nov 27 10:05:42 2012 -0800
tree	525a1e762f5b6a6bd46223aa82c8edd90c9d0929
parent	fdaa7869a5541b55413f59845dc5f7c56bab0614 [diff] [blame]