diff options
author | Jessica Wagantall <jwagantall@cyngn.com> | 2015-10-14 13:30:27 -0700 |
---|---|---|
committer | Gerrit Code Review <gerrit@cyanogenmod.org> | 2015-10-14 13:30:28 -0700 |
commit | e9c20ae7d9bc28c73e7d60995b4df67f88af1b20 (patch) | |
tree | 2010f8faec691d18ffa634175a3c9767c82401bb | |
parent | 3175cd91579a67afed37195778c089ae10b6bdb1 (diff) | |
parent | aadc6e32d33655056e76a79e2f1d45e14c46253c (diff) | |
download | android_device_qcom_sepolicy-stable/cm-12.1-YOG7D.tar.gz android_device_qcom_sepolicy-stable/cm-12.1-YOG7D.tar.bz2 android_device_qcom_sepolicy-stable/cm-12.1-YOG7D.zip |
Merge "Merge remote-tracking branch 'remotes/github/cm-12.1' into HEAD" into stable/cm-12.1-YOG7Dstable/cm-12.1-YOG7D
-rw-r--r-- | common/cnd.te | 5 | ||||
-rw-r--r-- | common/ipacm.te | 3 | ||||
-rw-r--r-- | common/netd.te | 3 |
3 files changed, 10 insertions, 1 deletions
diff --git a/common/cnd.te b/common/cnd.te index 91bc97d5..e7da07b1 100644 --- a/common/cnd.te +++ b/common/cnd.te @@ -70,7 +70,10 @@ allow cnd mediaserver:file { open read }; allow cnd self:socket create_socket_perms; # allow cnd to access ipa_dev -allow cnd ipa_dev:chr_file r_file_perms; +allow cnd ipa_dev:chr_file rw_file_perms; # allow access to nims allow cnd socket_device:dir remove_name; + +# allow access ipa tether stats file +r_dir_file(cnd, ipacm_data_file) diff --git a/common/ipacm.te b/common/ipacm.te index 1c061fd1..1ea4b65d 100644 --- a/common/ipacm.te +++ b/common/ipacm.te @@ -6,6 +6,9 @@ type ipacm-diag_exec, exec_type, file_type; init_daemon_domain(ipacm) init_daemon_domain(ipacm-diag) +# associate netdomain to use for accessing internet sockets +net_domain(ipacm) + userdebug_or_eng(` # Allow using the logging file between ipacm and ipacm-diag allow ipacm ipacm-diag:unix_dgram_socket sendto; diff --git a/common/netd.te b/common/netd.te index 54c83891..b5fdecc5 100644 --- a/common/netd.te +++ b/common/netd.te @@ -11,3 +11,6 @@ dontaudit netd self:capability sys_module; #needed for ipt_TCPMSS and ip6t_TCPMSS allow netd kernel:system module_request; unix_socket_connect(netd, cnd, cnd) + +# allow to read /data/misc/ipa/tether_stats file +r_dir_file(netd, ipacm_data_file) |