diff options
author | Ricardo Cerqueira <ricardo@cyngn.com> | 2015-11-05 00:42:47 +0000 |
---|---|---|
committer | Ricardo Cerqueira <ricardo@cyngn.com> | 2015-11-05 00:42:47 +0000 |
commit | 2a3f195b0c1e010a042c9511f4731a25df39b3fb (patch) | |
tree | 2c9e73c4a2cc244fe07a0d038b115f6cf35ede18 | |
parent | 2bfaf9ba1f5feed0147661d5bfd79bd66e9461a7 (diff) | |
parent | dbd06c18ca014da4386a1ebb3691fb3825822172 (diff) | |
download | android_external_sepolicy-2a3f195b0c1e010a042c9511f4731a25df39b3fb.tar.gz android_external_sepolicy-2a3f195b0c1e010a042c9511f4731a25df39b3fb.tar.bz2 android_external_sepolicy-2a3f195b0c1e010a042c9511f4731a25df39b3fb.zip |
Merge tag 'android-6.0.0_r26' into cm-13.0
Android 6.0.0 release 26
-rw-r--r-- | system_server.te | 6 | ||||
-rw-r--r-- | untrusted_app.te | 3 |
2 files changed, 8 insertions, 1 deletions
diff --git a/system_server.te b/system_server.te index 6c088f3..36c36e9 100644 --- a/system_server.te +++ b/system_server.te @@ -101,9 +101,13 @@ allow system_server proc_sysrq:file rw_file_perms; # Read /sys/kernel/debug/wakeup_sources. allow system_server debugfs:file r_file_perms; -# WifiWatchdog uses a packet_socket +# The DhcpClient and WifiWatchdog use packet_sockets allow system_server self:packet_socket create_socket_perms; +# NetworkDiagnostics requires explicit bind() calls to ping sockets. These aren't actually the same +# as raw sockets, but the kernel doesn't yet distinguish between the two. +allow system_server node:rawip_socket node_bind; + # 3rd party VPN clients require a tun_socket to be created allow system_server self:tun_socket create_socket_perms; diff --git a/untrusted_app.te b/untrusted_app.te index 693a13c..2aa1495 100644 --- a/untrusted_app.te +++ b/untrusted_app.te @@ -80,6 +80,9 @@ allow untrusted_app mnt_media_rw_file:dir search; allow untrusted_app cache_file:dir create_dir_perms; allow untrusted_app cache_file:file create_file_perms; +# allow cts to query all services +allow untrusted_app servicemanager:service_manager list; + allow untrusted_app drmserver_service:service_manager find; allow untrusted_app mediaserver_service:service_manager find; allow untrusted_app nfc_service:service_manager find; |