commit | a0433acb4c8f07838f038b696752bea7753ba3a0 | [log] [tgz] |
---|---|---|
author | Stephen Smalley <sds@tycho.nsa.gov> | Wed Apr 09 08:18:48 2014 -0400 |
committer | Stephen Smalley <sds@tycho.nsa.gov> | Wed Apr 09 08:18:48 2014 -0400 |
tree | 571a59ad290faf9dacabb40fdebca4dc1e7b6dc5 | |
parent | 2dd914ee943783e96f9e65af2e6e373013dde66c [diff] |
Allow netmgrd to execute sh. It invokes helper programs such as /system/bin/ip via sh -c. In the future, look at reworking netmgrd to directly invoke the helper programs and/or to transition to a different domain upon sh invocation to shed unnecessary permissions. Also rewrite the system_file rule for /system/bin/ip to use the rx_file_perms macro for consistency. Change-Id: I407d4503868e928dd876cce932fe6a96fcbd4e0d Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>