authorSravanthi Palakonda <srapal@codeaurora.org>2015-11-06 16:56:06 +0530
committerSravanthi Palakonda <srapal@codeaurora.org>2015-12-22 14:55:07 +0530
commit7294e4fffec35041b377f00b1e6ea7acfa8a6f82 (patch)
treed74be43725c85fb179e0b00bc363104c91be0207
parentd486ad89198fc45cccf1c17b1e923262e929a4e6 (diff)
Seandroid: Adding policy for WLAN and Tethering
Adding SEL policies for netd, hostapd and tethering. These policies allow netd to bind to hostapd as a monitor and listen to messages from hostapd. They also allow the supplicant to access the wpa_socket directory if it is created by netd. The tethering policies allow tethering to access the DHCP leases and get the device name from them. Tethering listens to messages from hostapd via netd, then sends the connected device information to the Settings UI.

Change-Id: Ief86e9e87fdf7e3433889b0173fc81c4f186beec
CRs-Fixed: 949267
[Removed changes from net.te]
-rw-r--r--common/hostapd.te3
-rw-r--r--common/net.te9
-rw-r--r--common/netd.te10
-rw-r--r--common/system_server.te3
4 files changed, 14 insertions, 11 deletions
diff --git a/common/hostapd.te b/common/hostapd.te
index 54cec32d..a6272509 100644
--- a/common/hostapd.te
+++ b/common/hostapd.te
@@ -42,5 +42,4 @@ allow hostapd cnd:{
allow hostapd cnd:fifo_file r_file_perms;
allow hostapd smem_log_device:chr_file rw_file_perms;
allow hostapd fstman:unix_dgram_socket sendto;
-allow hostapd netd:unix_dgram_socket sendto;
-allow hostapd wpa_socket:sock_file write;
+unix_socket_send(hostapd, wpa, netd)
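Review bot: The new `unix_socket_send(hostapd, wpa, netd)` line has no comment saying why hostapd needs to send datagrams to netd, unlike most of the neighbouring rules in the netd.te and system_server.te files of this commit. The macro grants the same two permissions as the removed `allow` lines (write on `wpa_socket:sock_file`, sendto on `netd:unix_dgram_socket`), so the change is behaviour-neutral, but the intent is only recorded in the commit message. A one-line comment such as `# hostapd reports station events to netd, which attaches to it as a monitor` would keep the reason next to the rule.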
diff --git a/common/net.te b/common/net.te
index fc39608c..e5e3df03 100644
--- a/common/net.te
+++ b/common/net.te
@@ -4,12 +4,3 @@ unix_socket_connect(netdomain, cnd, cnd)
# allow netdomain access to dpmd
unix_socket_connect(netdomain, dpmwrapper, dpmd)
-allow netd self:capability fsetid;
-allow netd hostapd:unix_dgram_socket sendto;
-
-# Allow netd to chmod dir /data/misc/dhcp
-allow netd dhcp_data_file:dir create_dir_perms;
-
-type_transition netd wifi_data_file:dir wpa_socket "sockets";
-allow netd wpa_socket:dir create_dir_perms;
-allow netd wpa_socket:sock_file create_file_perms;
diff --git a/common/netd.te b/common/netd.te
index 680d499a..9e067dd7 100644
--- a/common/netd.te
+++ b/common/netd.te
@@ -19,3 +19,13 @@ allow netd ipacm_data_file:file r_file_perms;
# needed for netd to start FST Manager via system property
allow netd netd_prop:property_service set;
allow netd qtitetherservices_service:service_manager find;
+
+allow netd self:capability fsetid;
+allow netd hostapd:unix_dgram_socket sendto;
+
+# Allow netd to chmod dir /data/misc/dhcp
+allow netd dhcp_data_file:dir create_dir_perms;
+
+type_transition netd wifi_data_file:dir wpa_socket "sockets";
+allow netd wpa_socket:dir create_dir_perms;
+allow netd wpa_socket:sock_file create_file_perms;
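Review bot: The comment above `allow netd dhcp_data_file:dir create_dir_perms;` says the rule lets netd chmod /data/misc/dhcp, but `create_dir_perms` also allows creating, renaming and removing directories of that type, which is more than a chmod needs. If chmod is the only operation, a narrower grant such as `allow netd dhcp_data_file:dir { getattr search setattr };` would match the stated intent; otherwise the comment should name the other operations netd performs there. `allow netd self:capability fsetid;` has no comment at all. A capability grant should carry one line stating which operation requires it, so that a later audit can tell whether it is still needed. These rules are moved unchanged from net.te, so this is a good moment to tighten them rather than carry them over as they are.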
diff --git a/common/system_server.te b/common/system_server.te
index 86888b08..4aca89f3 100644
--- a/common/system_server.te
+++ b/common/system_server.te
@@ -120,3 +120,6 @@ allow system_server iqfp_service:service_manager find;
#for seemp
unix_socket_send(system_server, seempdw, seempd)
+
+# allow tethering to access dhcp leases
+r_dir_file(system_server, dhcp_data_file)
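Review bot: `r_dir_file(system_server, dhcp_data_file)` gives system_server read access to every directory, file and symlink labelled `dhcp_data_file`, while the comment and the commit description only ask for reading the DHCP leases to obtain device names. If the lease file can be given its own type (its path and labelling are not visible in this hunk), granting read on that type alone would keep the rest of the DHCP data out of system_server's reach. The device names in a lease come from the tethered clients, so the comment should also record that the data is untrusted, for example `# tethering reads client names from the DHCP leases; the names are client-supplied, so parse them defensively`.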