authorRicardo Cerqueira <ricardo@cyngn.com>2015-11-05 00:42:47 +0000
committerRicardo Cerqueira <ricardo@cyngn.com>2015-11-05 00:42:47 +0000
commit2a3f195b0c1e010a042c9511f4731a25df39b3fb (patch)
tree2c9e73c4a2cc244fe07a0d038b115f6cf35ede18
parent2bfaf9ba1f5feed0147661d5bfd79bd66e9461a7 (diff)
parentdbd06c18ca014da4386a1ebb3691fb3825822172 (diff)
downloadandroid_external_sepolicy-2a3f195b0c1e010a042c9511f4731a25df39b3fb.tar.gz
android_external_sepolicy-2a3f195b0c1e010a042c9511f4731a25df39b3fb.tar.bz2
android_external_sepolicy-2a3f195b0c1e010a042c9511f4731a25df39b3fb.zip
Merge tag 'android-6.0.0_r26' into cm-13.0
Android 6.0.0 release 26
-rw-r--r--system_server.te6
-rw-r--r--untrusted_app.te3
2 files changed, 8 insertions, 1 deletions
diff --git a/system_server.te b/system_server.te
index 6c088f3..36c36e9 100644
--- a/system_server.te
+++ b/system_server.te
@@ -101,9 +101,13 @@ allow system_server proc_sysrq:file rw_file_perms;
# Read /sys/kernel/debug/wakeup_sources.
allow system_server debugfs:file r_file_perms;
-# WifiWatchdog uses a packet_socket
+# The DhcpClient and WifiWatchdog use packet_sockets
allow system_server self:packet_socket create_socket_perms;
+# NetworkDiagnostics requires explicit bind() calls to ping sockets. These aren't actually the same
+# as raw sockets, but the kernel doesn't yet distinguish between the two.
+allow system_server node:rawip_socket node_bind;
+
# 3rd party VPN clients require a tun_socket to be created
allow system_server self:tun_socket create_socket_perms;
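Review bot: The added `allow system_server node:rawip_socket node_bind;` targets the generic `node` type, so the bind is presumably not restricted to any particular address unless more specific node contexts are defined elsewhere in the policy. Because ping sockets and raw sockets share the `rawip_socket` class, the grant would also cover binding a genuine raw IP socket if system_server is allowed to create one; any such create rule is outside this hunk. The comment explains why the class is `rawip_socket` but gives no cue to revisit the rule, so I would add `# TODO: narrow this once the kernel distinguishes ping sockets from rawip_socket.` above it.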
diff --git a/untrusted_app.te b/untrusted_app.te
index 693a13c..2aa1495 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -80,6 +80,9 @@ allow untrusted_app mnt_media_rw_file:dir search;
allow untrusted_app cache_file:dir create_dir_perms;
allow untrusted_app cache_file:file create_file_perms;
+# allow cts to query all services
+allow untrusted_app servicemanager:service_manager list;
+
allow untrusted_app drmserver_service:service_manager find;
allow untrusted_app mediaserver_service:service_manager find;
allow untrusted_app nfc_service:service_manager find;
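Review bot: The comment `# allow cts to query all services` understates the scope of the rule beneath it. `allow untrusted_app servicemanager:service_manager list;` applies to every process in the `untrusted_app` domain, not only to CTS, so any third-party app can enumerate the names of registered services. Access to each service is still gated by the per-service `find` rules that follow, so this exposes information but grants no new access. I would reword the comment to `# Lets every untrusted app list registered service names (needed by CTS); access stays gated by the per-service find rules below.`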