Merge "Seandroid: Changing context for wcnss services"

author: Linux Build Service Account <lnxbuild@localhost> 2014-11-13 13:02:23 -0800
committer: Gerrit - the friendly Code Review server <code-review@localhost> 2014-11-13 13:02:23 -0800
commit: c9640c4d32cfc0baa4b3e98595ee32a72ce32654 (patch)
tree: 8672e8e214f0b9c0f99580977a47cb3883e1cc43 /common
parent: b5bbd54ddae646aff7d435a34548cb14d7c90d7c (diff)
parent: e0ef785a1bb25198dc0f5b1e583a0dfc2952cbf7 (diff)
download: android_device_qcom_sepolicy-c9640c4d32cfc0baa4b3e98595ee32a72ce32654.tar.gz
android_device_qcom_sepolicy-c9640c4d32cfc0baa4b3e98595ee32a72ce32654.tar.bz2
android_device_qcom_sepolicy-c9640c4d32cfc0baa4b3e98595ee32a72ce32654.zip
3 files changed, 19 insertions, 2 deletions
diff --git a/common/file_contexts b/common/file_contexts
index afc956a0..47fd0591 100755
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -119,8 +119,8 @@
 /system/bin/qseecomd                            u:object_r:tee_exec:s0
 /system/bin/hostapd_cli                         u:object_r:hostapd_exec:s0
 /system/bin/adsprpcd                            u:object_r:adsprpcd_exec:s0
-/system/bin/wpa_cli                             u:object_r:wpa_exec:s0
-/system/bin/cnss-daemon                         u:object_r:wpa_exec:s0
+/system/bin/wpa_cli                             u:object_r:wcnss_service_exec:s0
+/system/bin/cnss-daemon                         u:object_r:wcnss_service_exec:s0
 /system/bin/mdm_helper                          u:object_r:mdm_helper_exec:s0
 /system/bin/mdm_helper_proxy                    u:object_r:mdm_helper_exec:s0
 /system/bin/ks                                  u:object_r:mdm_helper_exec:s0
diff --git a/common/netmgrd.te b/common/netmgrd.te
index 5cec0397..a5f5a77f 100644
--- a/common/netmgrd.te
+++ b/common/netmgrd.te
@@ -60,3 +60,5 @@ allow netmgrd shell_exec:file { execute r_file_perms execute_no_trans };
 allow netmgrd sysfs_esoc:lnk_file read;
 
 r_dir_file(netmgrd, sysfs_ssr);
+
+allow netmgrd wcnss_service_exec:file rx_file_perms;
diff --git a/common/wcnss_service.te b/common/wcnss_service.te
index 22e180e9..85d566ea 100644
--- a/common/wcnss_service.te
+++ b/common/wcnss_service.te
@@ -2,6 +2,7 @@ type wcnss_service, domain;
 type wcnss_service_exec, exec_type, file_type;
 
 init_daemon_domain(wcnss_service)
+net_domain(wcnss_service)
 
 unix_socket_connect(wcnss_service, property, init)
 allow wcnss_service wcnss_device:chr_file rw_file_perms;
@@ -12,3 +13,17 @@ allow wcnss_service wifi_data_file:dir w_dir_perms;
 allow wcnss_service wifi_data_file:file create_file_perms;
 
 allow wcnss_service system_prop:property_service set;
+allow wcnss_service persist_file:dir r_dir_perms;
+qmux_socket(wcnss_service);
+
+allow wcnss_service self:socket create_socket_perms;
+allow wcnss_service smem_log_device:chr_file rw_file_perms;
+allow wcnss_service proc_net:file write;
+
+# allow wpa_supplicant to send back wifi information to cnd
+allow wcnss_service cnd:unix_dgram_socket sendto;
+allow wcnss_service self:capability { setuid setgid dac_override net_admin };
+
+allow wcnss_service self:netlink_socket create_socket_perms;
+allow wcnss_service firmware_file:dir r_dir_perms;
+allow wcnss_service firmware_file:file r_file_perms;
author	Linux Build Service Account <lnxbuild@localhost>	2014-11-13 13:02:23 -0800
committer	Gerrit - the friendly Code Review server <code-review@localhost>	2014-11-13 13:02:23 -0800
commit	c9640c4d32cfc0baa4b3e98595ee32a72ce32654 (patch)
tree	8672e8e214f0b9c0f99580977a47cb3883e1cc43 /common
parent	b5bbd54ddae646aff7d435a34548cb14d7c90d7c (diff)
parent	e0ef785a1bb25198dc0f5b1e583a0dfc2952cbf7 (diff)
download	android_device_qcom_sepolicy-c9640c4d32cfc0baa4b3e98595ee32a72ce32654.tar.gz android_device_qcom_sepolicy-c9640c4d32cfc0baa4b3e98595ee32a72ce32654.tar.bz2 android_device_qcom_sepolicy-c9640c4d32cfc0baa4b3e98595ee32a72ce32654.zip