PawletOS/FrameworkAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update sepolicy/pawlet_device.te

Browse Source
This commit is contained in:
oxmc
2025-08-19 12:58:48 -07:00
parent 91e088d936
commit 423e1f468b
1 changed files with 7 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
sepolicy/pawlet_device.te
View File

@@ -5,17 +5,14 @@ type pawlet_device_exec, exec_type, file_type, system_file_type;
# Inherit from core domain
typeattribute pawlet_device coredomain;
# Property access - use proper macros ONLY
# Property access - use proper macros ONLY (no direct allow rules)
get_prop(pawlet_device, vendor_default_prop)
set_prop(pawlet_device, vendor_default_prop)
# Framework interactions - use proper macros
# REMOVE direct service_manager access
# allow pawlet_device system_server:service_manager find;
# REMOVE all direct file access to properties
# allow pawlet_device vendor_default_prop:file { getattr open read map };
# If you need to interact with system services, use proper domains:
# Binder communication if needed
allow pawlet_device system_server:binder { call transfer };
allow pawlet_device servicemanager:binder { call transfer };
# Basic file access for your domain (only for your own files)
allow pawlet_device pawlet_device_exec:file { execute read open map };
allow pawlet_device system_file:file { read getattr open };