authorLinux Build Service Account <lnxbuild@localhost>2014-11-15 03:57:42 -0800
committerGerrit - the friendly Code Review server <code-review@localhost>2014-11-15 03:57:42 -0800
commit8415407021b77fb9266090d4209cdfd41c80449b (patch)
tree0f88086edf75b71d3ea7239246bf6660991d1c22
parent964809528fcf67bcdb411fbccb97294e70f8be66 (diff)
parent8ec06e0f230459de4b2653c28dfc7c6712885061 (diff)
Merge "WFD : Add WFD specific security policies"
-rw-r--r--Android.mk3
-rw-r--r--common/netd.te2
-rw-r--r--common/wfd_app.te23
3 files changed, 27 insertions, 1 deletions
diff --git a/Android.mk b/Android.mk
index e4c204a6..1e6ffbf5 100644
--- a/Android.mk
+++ b/Android.mk
@@ -86,7 +86,8 @@ BOARD_SEPOLICY_UNION := \
installd.te \
wcnss_service.te \
mmi.te \
- dhcp.te
+ dhcp.te \
+ wfd_app.te
# Compile sensor pilicy only for SSC targets
SSC_TARGET_LIST := apq8084
diff --git a/common/netd.te b/common/netd.te
index a5e70fa9..124178ad 100644
--- a/common/netd.te
+++ b/common/netd.te
@@ -1,6 +1,8 @@
#Policies for IPv6 tethering
allow netd netd:capability { setgid setuid };
allow netd netd:packet_socket { create bind setopt read ioctl };
+allow netd wfd_app:fd use;
+allow netd wfd_app:tcp_socket { read write setopt getopt };
dontaudit netd self:capability sys_module;
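Review bot: The two added rules sit under the `#Policies for IPv6 tethering` comment, but they let netd use file descriptors and TCP sockets owned by wfd_app, which is not a tethering rule. Add a rationale line above them, for example `# netd operates on sockets handed over by wfd_app (presumably fwmark tagging - confirm)`, so a later audit can tell why netd may touch another domain's sockets. Only `tcp_socket` is covered, while wfd_app.te in this same commit also creates `udp_socket`; check whether that asymmetry is intended. If this tree has the platform's netdomain attribute, assigning wfd_app to it is likely a better fit than per-domain rules in netd.te.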
diff --git a/common/wfd_app.te b/common/wfd_app.te
new file mode 100644
index 00000000..f9b17339
--- /dev/null
+++ b/common/wfd_app.te
@@ -0,0 +1,23 @@
+allow wfd_app init:unix_stream_socket connectto;
+allow wfd_app node:tcp_socket node_bind;
+allow wfd_app port:tcp_socket { name_bind name_connect };
+allow wfd_app self:tcp_socket { bind create setopt listen write read getopt connect accept getattr };
+allow wfd_app dalvikcache_data_file:file { write setattr };
+allow wfd_app graphics_device:chr_file rw_file_perms;
+allow wfd_app graphics_device:dir r_dir_perms;
+allow wfd_app node:udp_socket node_bind;
+allow wfd_app port:udp_socket name_bind;
+allow wfd_app self:udp_socket { bind create getattr write setopt ioctl read getopt };
+allow wfd_app video_device:dir r_dir_perms;
+allow wfd_app video_device:chr_file rw_file_perms;
+allow wfd_app audio_device:dir r_dir_perms;
+allow wfd_app audio_device:chr_file rw_file_perms;
+allow wfd_app fwmarkd_socket:sock_file write;
+allow wfd_app netd:unix_stream_socket connectto;
+allow wfd_app firmware_file:dir r_dir_perms;
+allow wfd_app firmware_file:file r_file_perms;
+allow wfd_app tee_device:chr_file rw_file_perms;
+allow wfd_app media_rw_data_file:dir rw_dir_perms;
+allow wfd_app media_rw_data_file:file create_file_perms;
+allow wfd_app system_app_data_file:dir create_dir_perms;
+allow wfd_app uhid_device:chr_file rw_file_perms;
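Review bot: `allow wfd_app dalvikcache_data_file:file { write setattr };` lets this domain modify files in the Dalvik cache, which holds optimized code that other processes load, so a compromise of wfd_app becomes a code-integrity problem beyond this app. Unless a denial shows a real need, drop the rule, or use `dontaudit wfd_app dalvikcache_data_file:file { write setattr };` if the denial is only noise. The new file has no comments and no visible type declaration for wfd_app (presumably declared elsewhere - confirm), so each rule group should carry a one-line rationale, e.g. `# remote input injection through uhid` above the uhid_device rule if that is its purpose. `allow wfd_app init:unix_stream_socket connectto;` suggests the peer service still runs in the init domain; giving that service its own domain would let this rule name it instead of init. The `tee_device` and `system_app_data_file:dir create_dir_perms` grants are also broad for an app domain and worth narrowing to what observed denials actually require.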