find /opt/usr/media -print0 | xargs -0 chsmack -a 'system::media'
find /opt/usr/media -type d -print0 | xargs -0 chsmack -t
-# set vconf label when first boot
-if [ ! -e /opt/etc/.vconf_labeling ]; then
- chsmack -a 'system::vconf' /opt/var/kdb/db
- chsmack -t /opt/var/kdb/db
- find /opt/var/kdb/db -print0 | xargs -0 chsmack -a 'system::vconf'
- find /opt/var/kdb/db -type d -print0 | xargs -0 chsmack -t
- find /opt/var/kdb/file -print0 | xargs -0 chsmack -a 'system::vconf'
- find /opt/var/kdb/file -type d -print0 | xargs -0 chsmack -t
- find /var/run/memory -print0 | xargs -0 chsmack -a 'system::vconf'
- find /var/run/memory -type d -print0 | xargs -0 chsmack -t
- touch /opt/etc/.vconf_labeling
+chsmack -a 'system::share' /dev/shm
+chsmack -t /dev/shm
+
+if [ ! -e /opt/etc/.pkg_smack ]; then
+ /usr/bin/pkg_smack
+ touch /opt/etc/.pkg_smack
fi
+# set vconf label when first boot
+#if [ ! -e /opt/etc/.vconf_labeling ]; then
+# chsmack -a 'system::vconf' /opt/var/kdb/db
+# chsmack -t /opt/var/kdb/db
+# find /opt/var/kdb/db -print0 | xargs -0 chsmack -a 'system::vconf'
+# find /opt/var/kdb/db -type d -print0 | xargs -0 chsmack -t
+# find /opt/var/kdb/file -print0 | xargs -0 chsmack -a 'system::vconf'
+# find /opt/var/kdb/file -type d -print0 | xargs -0 chsmack -t
+# find /var/run/memory -print0 | xargs -0 chsmack -a 'system::vconf'
+# find /var/run/memory -type d -print0 | xargs -0 chsmack -t
+# touch /opt/etc/.vconf_labeling
+#fi
+
# Set device node permissions for security
#chsmack -a 'system::system_bklight' /sys/class/backlight/*/brightness
#chsmack -a '*' /sys/class/haptic/motor/level
echo "128.0.0.0/1 system::use_internet" >> /smack/netlabel
echo "127.0.0.1 -CIPSO" >> /smack/netlabel
echo "192.168.129.1 @" >> /smack/netlabel
+echo "system::use_internet" > /smack/ambient
# Set label to database files
chsmack -a 'libaccounts-svc::db' $DBSPACE/.account.db*
-chsmack -a 'wrt-security::db_ace' $DBSPACE/.ace.db*
+#chsmack -a 'wrt-security::db_ace' $DBSPACE/.ace.db*
chsmack -a 'libslp-alarm::db' $DBSPACE/.alarm.db*
chsmack -a 'alarm-server::db' $DBSPACE/.alarmmgr.db*
chsmack -a 'ail::db' $DBSPACE/.app_info.db*