author | Manu Prasad <mpras@codeaurora.org> | 2014-10-21 11:46:26 -0700 |
---|---|---|
committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2014-11-14 12:08:07 -0800 |
commit | 8ec06e0f230459de4b2653c28dfc7c6712885061 (patch) | |
tree | 0f88086edf75b71d3ea7239246bf6660991d1c22 /common | |
parent | fc0a90ed151109ccf933ac9596a1b65baf37d8fd (diff) | |
download | android_device_qcom_sepolicy-8ec06e0f230459de4b2653c28dfc7c6712885061.tar.gz android_device_qcom_sepolicy-8ec06e0f230459de4b2653c28dfc7c6712885061.tar.bz2 android_device_qcom_sepolicy-8ec06e0f230459de4b2653c28dfc7c6712885061.zip |
WFD : Add WFD specific security policies
Change-Id: I905d8d78a759bb02c11f25cb275f642f46181eef
Diffstat (limited to 'common')
-rw-r--r-- | common/netd.te | 2 | ||||
-rw-r--r-- | common/wfd_app.te | 23 |
2 files changed, 25 insertions, 0 deletions
diff --git a/common/netd.te b/common/netd.te
index a5e70fa9..124178ad 100644
--- a/common/netd.te
+++ b/common/netd.te
@@ -1,6 +1,8 @@
 #Policies for IPv6 tethering
 allow netd netd:capability { setgid setuid };
 allow netd netd:packet_socket { create bind setopt read ioctl };
+allow netd wfd_app:fd use;
+allow netd wfd_app:tcp_socket { read write setopt getopt };
 dontaudit netd self:capability sys_module;
diff --git a/common/wfd_app.te b/common/wfd_app.te
new file mode 100644
index 00000000..f9b17339
--- /dev/null
+++ b/common/wfd_app.te
@@ -0,0 +1,23 @@
+allow wfd_app init:unix_stream_socket connectto;
+allow wfd_app node:tcp_socket node_bind;
+allow wfd_app port:tcp_socket { name_bind name_connect };
+allow wfd_app self:tcp_socket { bind create setopt listen write read getopt connect accept getattr };
+allow wfd_app dalvikcache_data_file:file { write setattr };
+allow wfd_app graphics_device:chr_file rw_file_perms;
+allow wfd_app graphics_device:dir r_dir_perms;
+allow wfd_app node:udp_socket node_bind;
+allow wfd_app port:udp_socket name_bind;
+allow wfd_app self:udp_socket { bind create getattr write setopt ioctl read getopt };
+allow wfd_app video_device:dir r_dir_perms;
+allow wfd_app video_device:chr_file rw_file_perms;
+allow wfd_app audio_device:dir r_dir_perms;
+allow wfd_app audio_device:chr_file rw_file_perms;
+allow wfd_app fwmarkd_socket:sock_file write;
+allow wfd_app netd:unix_stream_socket connectto;
+allow wfd_app firmware_file:dir r_dir_perms;
+allow wfd_app firmware_file:file r_file_perms;
+allow wfd_app tee_device:chr_file rw_file_perms;
+allow wfd_app media_rw_data_file:dir rw_dir_perms;
+allow wfd_app media_rw_data_file:file create_file_perms;
+allow wfd_app system_app_data_file:dir create_dir_perms;
+allow wfd_app uhid_device:chr_file rw_file_perms; |
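Review bot: The two added netd rules have no comment of their own and sit directly under the `#Policies for IPv6 tethering` header, so a later reader will take them for tethering policy. Judging from the `fwmarkd_socket:sock_file write` and `netd:unix_stream_socket connectto` grants in common/wfd_app.te, they look like the fd-passing path by which netd marks an app's sockets. If that is the intent, put a comment such as `# fwmark: netd operates on sockets passed in by wfd_app` above them. The same commit gives wfd_app UDP sockets, but netd is only granted `wfd_app:tcp_socket` here, so confirm whether a matching `udp_socket` rule is needed or whether the UDP path never reaches netd.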
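Review bot: `allow wfd_app dalvikcache_data_file:file { write setattr };` lets a domain that also binds and listens on network sockets modify files in the Dalvik cache, which holds optimized code that other processes load. A compromise of wfd_app could therefore tamper with code executed outside its own domain. The rule reads like an audit denial turned straight into an allow. Unless a concrete need is documented, drop it or silence the denial with `dontaudit wfd_app dalvikcache_data_file:file { write setattr };`. The new file is 23 uncommented allows, so a one-line comment per group (network sockets, capture devices, `tee_device`, `uhid_device`) saying why each access is needed would make it possible to tighten the generic `port`/`node` binds later.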