commit | 753cfa58698b5eef723c35eabb445d4509aacc13 | [log] [tgz] |
---|---|---|
author | Stephen Smalley <sds@tycho.nsa.gov> | Wed Apr 09 08:19:04 2014 -0400 |
committer | Stephen Smalley <sds@tycho.nsa.gov> | Wed Apr 09 08:19:04 2014 -0400 |
tree | c6f897237c4087f05a93e7179979a622f4107d0a | |
parent | 6f5c0998fcbbe90fa356fb9307182e273cb2fb9d [diff] |
Allow netmgrd to execute sh. It invokes helper programs such as /system/bin/ip via sh -c. In the future, look at reworking netmgrd to directly invoke the helper programs and/or to transition to a different domain upon sh invocation to shed unnecessary permissions. Also rewrite the system_file rule for /system/bin/ip to use the rx_file_perms macro for consistency. Change-Id: I407d4503868e928dd876cce932fe6a96fcbd4e0d Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>