[Feature][ZXW-65]merged P49 base code Change-Id: I3e09c0c3d47483bc645f02310380ecb7fc6f4041

commit: 758261d1c1850656b47c4c40486e4237bcd769a6 [log] [tgz]
author: lh <lh@exm.com> Thu Jul 13 05:52:04 2023 -0700
committer: lh <lh@exm.com> Thu Jul 13 05:52:04 2023 -0700
tree: 3bc26310c3b153ab3189a54780a041d5278a2432
parent: b0dd97e3f107d69ed0d9728748df12c7833884a7 [diff] [blame]
diff --git a/cap/zx297520v3/sources/meta-selinux/recipes-security/selinux/selinux-sandbox.inc b/cap/zx297520v3/sources/meta-selinux/recipes-security/selinux/selinux-sandbox.inc
new file mode 100755
index 0000000..c8e335a
--- /dev/null
+++ b/cap/zx297520v3/sources/meta-selinux/recipes-security/selinux/selinux-sandbox.inc

@@ -0,0 +1,27 @@
+SUMMARY = "Run cmd under an SELinux sandbox"
+DESCRIPTION = "\
+Run application within a tightly confined SELinux domain. The default \
+sandbox domain only allows applications the ability to read and write \
+stdin, stdout and any other file descriptors handed to it."
+
+SECTION = "base"
+LICENSE = "GPLv2+"
+
+SRC_URI += "file://sandbox-de-bashify.patch \
+"
+
+DEPENDS += "libcap-ng libselinux"
+
+RDEPENDS_${PN} += "\
+        python3-core \
+        python3-math \
+        python3-shell \
+        python3-unixadmin \
+        libselinux-python \
+        selinux-python \
+"
+
+FILES_${PN} += "\
+        ${datadir}/sandbox/sandboxX.sh \
+        ${datadir}/sandbox/start \
+"
commit	758261d1c1850656b47c4c40486e4237bcd769a6	[log] [tgz]
author	lh <lh@exm.com>	Thu Jul 13 05:52:04 2023 -0700
committer	lh <lh@exm.com>	Thu Jul 13 05:52:04 2023 -0700
tree	3bc26310c3b153ab3189a54780a041d5278a2432
parent	b0dd97e3f107d69ed0d9728748df12c7833884a7 [diff] [blame]