diff options
author | Neelansh Mittal <neelanshm@codeaurora.org> | 2015-11-06 15:21:41 +0530 |
---|---|---|
committer | Srinivas Dasari <dasaris@codeaurora.org> | 2015-11-06 15:23:59 +0530 |
commit | 504e759a60608949548ef14a23f856e055377ae4 (patch) | |
tree | 455d6d3bfcd54e62e3b251a78c8ccc023fcb20c5 /common | |
parent | 90e596930f2ee3137dbf3f73ae5141d7e8e1f48e (diff) | |
download | android_device_qcom_sepolicy-504e759a60608949548ef14a23f856e055377ae4.tar.gz android_device_qcom_sepolicy-504e759a60608949548ef14a23f856e055377ae4.tar.bz2 android_device_qcom_sepolicy-504e759a60608949548ef14a23f856e055377ae4.zip |
Seandroid: Adding policy for WLAN.
Adding SEL policies for netd and hostapd.
These policies will allow the netd to bind to
the hostapd as monitor and listen to messages from the
hostapd.Also, these will allow the supplicant to access
the wpa_socket directory if it's created by netd.
CRs-Fixed: 756001
Change-Id: Ib2446898d721a78a5c6a434520f873c69cb65758
Diffstat (limited to 'common')
-rw-r--r-- | common/hostapd.te | 2 | ||||
-rw-r--r-- | common/net.te | 10 |
2 files changed, 12 insertions, 0 deletions
diff --git a/common/hostapd.te b/common/hostapd.te index 09a24c21..54cec32d 100644 --- a/common/hostapd.te +++ b/common/hostapd.te @@ -42,3 +42,5 @@ allow hostapd cnd:{ allow hostapd cnd:fifo_file r_file_perms; allow hostapd smem_log_device:chr_file rw_file_perms; allow hostapd fstman:unix_dgram_socket sendto; +allow hostapd netd:unix_dgram_socket sendto; +allow hostapd wpa_socket:sock_file write; diff --git a/common/net.te b/common/net.te index f8cacb12..fc39608c 100644 --- a/common/net.te +++ b/common/net.te @@ -3,3 +3,13 @@ unix_socket_connect(netdomain, cnd, cnd) # allow netdomain access to dpmd unix_socket_connect(netdomain, dpmwrapper, dpmd) + +allow netd self:capability fsetid; +allow netd hostapd:unix_dgram_socket sendto; + +# Allow netd to chmod dir /data/misc/dhcp +allow netd dhcp_data_file:dir create_dir_perms; + +type_transition netd wifi_data_file:dir wpa_socket "sockets"; +allow netd wpa_socket:dir create_dir_perms; +allow netd wpa_socket:sock_file create_file_perms; |