commit 3927d123a06cefd5b3f641a2d23bcb3ec06b36f0
author Zvikomborero VIncent Zvikaramba <zvikovincent@gmail.com> Sun Aug 21 22:49:17 2016 -0400
committer Zvikomborero VIncent Zvikaramba <zvikovincent@gmail.com> Sun Aug 21 22:49:17 2016 -0400
tree 8da9aded8a80bb70ca1a6e925ee532c0c7699b52
parent eb35f2abefd472dfd9d3dde3d657a1ef271d0693

Revert "Revert "Added new SELinux policies""

This reverts commit eb35f2abefd472dfd9d3dde3d657a1ef271d0693.

sepolicy/ss_conn_daemon.te

diff --git a/sepolicy/ss_conn_daemon.te b/sepolicy/ss_conn_daemon.te
new file mode 100644
index 0000000..f720ad6
--- /dev/null
+++ b/sepolicy/ss_conn_daemon.te
@@ -0,0 +1,45 @@
+#============ss_conn_daemon=================
+type ss_conn_daemon, domain;
+type ss_conn_daemon_exec, exec_type, file_type;
+init_daemon_domain(ss_conn_daemon)
+net_domain(ss_conn_daemon)
+
+# To make VT call
+binder_use(ss_conn_daemon)
+
+allow ss_conn_daemon init:process sigchld;
+allow ss_conn_daemon node:tcp_socket node_bind;
+allow ss_conn_daemon node:udp_socket node_bind;
+allow ss_conn_daemon port:tcp_socket { name_bind name_connect };
+allow ss_conn_daemon port:udp_socket name_bind;
+allow ss_conn_daemon ss_conn_daemon:appletalk_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
+allow ss_conn_daemon ss_conn_daemon:capability sys_nice;
+allow ss_conn_daemon ss_conn_daemon:dir { read search ioctl open getattr };
+allow ss_conn_daemon ss_conn_daemon:fd use;
+allow ss_conn_daemon ss_conn_daemon:fifo_file { read lock getattr write ioctl open append };
+allow ss_conn_daemon ss_conn_daemon:file { read lock getattr write ioctl open append };
+allow ss_conn_daemon ss_conn_daemon:ipc { unix_read setattr associate read create write getattr unix_write destroy };
+allow ss_conn_daemon ss_conn_daemon:key { search setattr read create write link view };
+allow ss_conn_daemon ss_conn_daemon:key_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
+allow ss_conn_daemon ss_conn_daemon:lnk_file { read lock ioctl open getattr };
+allow ss_conn_daemon ss_conn_daemon:msg { receive send };
+allow ss_conn_daemon ss_conn_daemon:msgq { unix_read setattr associate read create write enqueue getattr unix_write destroy };
+allow ss_conn_daemon ss_conn_daemon:netlink_route_socket { nlmsg_write lock accept connect shutdown append create nlmsg_read write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
+allow ss_conn_daemon ss_conn_daemon:netlink_selinux_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
+allow ss_conn_daemon ss_conn_daemon:packet_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
+allow ss_conn_daemon ss_conn_daemon:process { sigkill share getpgid signull setkeycreate siginh getattr setcurrent setrlimit rlimitinh fork getsession setexec setpgid setsched sigstop ptrace noatsecure setsockcreate setfscreate execheap sigchld execstack signal transition setcap execmem getcap getsched dyntransition };
+allow ss_conn_daemon ss_conn_daemon:rawip_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
+allow ss_conn_daemon ss_conn_daemon:sem { unix_read setattr associate read create write getattr unix_write destroy };
+allow ss_conn_daemon ss_conn_daemon:shm { unix_read setattr associate read lock create write getattr unix_write destroy };
+allow ss_conn_daemon ss_conn_daemon:socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
+allow ss_conn_daemon ss_conn_daemon:tcp_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind name_connect send_msg setattr bind recvfrom sendto relabelto node_bind };
+allow ss_conn_daemon ss_conn_daemon:tun_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read attach_queue ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
+allow ss_conn_daemon ss_conn_daemon:udp_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto node_bind };
+allow ss_conn_daemon ss_conn_daemon:unix_dgram_socket { lock accept connect shutdown append create write relabelfrom getattr getopt listen setopt read ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
+allow ss_conn_daemon ss_conn_daemon:unix_stream_socket { lock accept connect shutdown append connectto create write relabelfrom getattr getopt listen acceptfrom setopt read newconn ioctl recv_msg name_bind send_msg setattr bind recvfrom sendto relabelto };
+allow ss_conn_daemon ss_conn_daemon_exec:file { read open getattr entrypoint execute };
+allow ss_conn_daemon ss_conn_daemon_socket:sock_file { rename setattr read lock create getattr write ioctl link unlink open append };
+allow ss_conn_daemon ss_conn_daemon_tmpfs:file { read write };
+allow ss_conn_daemon system_data_file:dir { rename search setattr read create reparent getattr write ioctl link rmdir remove_name unlink open add_name };
+allow ss_conn_daemon system_data_file:file { rename setattr read lock create getattr write ioctl link unlink open append };
+allow ss_conn_daemon usb_device:chr_file { rename setattr read lock create getattr write ioctl link unlink open append };