diff options
| author | Avijit Kanti Das <avijitnsec@codeaurora.org> | 2014-11-05 10:40:03 -0800 |
|---|---|---|
| committer | Avijit Kanti Das <avijitnsec@codeaurora.org> | 2014-11-12 11:35:26 -0800 |
| commit | e0ef785a1bb25198dc0f5b1e583a0dfc2952cbf7 (patch) | |
| tree | 08a51647c219926358467fa5606618eaee902303 /common | |
| parent | e98f0433476f1734872a93f2f31bcaabf0b2a0eb (diff) | |
| download | android_device_qcom_sepolicy-e0ef785a1bb25198dc0f5b1e583a0dfc2952cbf7.tar.gz android_device_qcom_sepolicy-e0ef785a1bb25198dc0f5b1e583a0dfc2952cbf7.tar.bz2 android_device_qcom_sepolicy-e0ef785a1bb25198dc0f5b1e583a0dfc2952cbf7.zip | |
Seandroid: Changing context for wcnss services
Changing wcnss service context from wpa to wcnss
Change-Id: Ia5c4c0c8fdf3c073e47e44a4b4e29ae886c87a1f
Diffstat (limited to 'common')
| -rwxr-xr-x | common/file_contexts | 4 | ||||
| -rw-r--r-- | common/netmgrd.te | 2 | ||||
| -rw-r--r-- | common/wcnss_service.te | 15 |
3 files changed, 19 insertions, 2 deletions
diff --git a/common/file_contexts b/common/file_contexts index afc956a0..47fd0591 100755 --- a/common/file_contexts +++ b/common/file_contexts @@ -119,8 +119,8 @@ /system/bin/qseecomd u:object_r:tee_exec:s0 /system/bin/hostapd_cli u:object_r:hostapd_exec:s0 /system/bin/adsprpcd u:object_r:adsprpcd_exec:s0 -/system/bin/wpa_cli u:object_r:wpa_exec:s0 -/system/bin/cnss-daemon u:object_r:wpa_exec:s0 +/system/bin/wpa_cli u:object_r:wcnss_service_exec:s0 +/system/bin/cnss-daemon u:object_r:wcnss_service_exec:s0 /system/bin/mdm_helper u:object_r:mdm_helper_exec:s0 /system/bin/mdm_helper_proxy u:object_r:mdm_helper_exec:s0 /system/bin/ks u:object_r:mdm_helper_exec:s0 diff --git a/common/netmgrd.te b/common/netmgrd.te index 2d6bd052..e7c8ef71 100644 --- a/common/netmgrd.te +++ b/common/netmgrd.te @@ -55,3 +55,5 @@ allow netmgrd shell_exec:file { execute r_file_perms execute_no_trans }; allow netmgrd sysfs_esoc:lnk_file read; r_dir_file(netmgrd, sysfs_ssr); + +allow netmgrd wcnss_service_exec:file rx_file_perms; diff --git a/common/wcnss_service.te b/common/wcnss_service.te index 22e180e9..85d566ea 100644 --- a/common/wcnss_service.te +++ b/common/wcnss_service.te @@ -2,6 +2,7 @@ type wcnss_service, domain; type wcnss_service_exec, exec_type, file_type; init_daemon_domain(wcnss_service) +net_domain(wcnss_service) unix_socket_connect(wcnss_service, property, init) allow wcnss_service wcnss_device:chr_file rw_file_perms; @@ -12,3 +13,17 @@ allow wcnss_service wifi_data_file:dir w_dir_perms; allow wcnss_service wifi_data_file:file create_file_perms; allow wcnss_service system_prop:property_service set; +allow wcnss_service persist_file:dir r_dir_perms; +qmux_socket(wcnss_service); + +allow wcnss_service self:socket create_socket_perms; +allow wcnss_service smem_log_device:chr_file rw_file_perms; +allow wcnss_service proc_net:file write; + +# allow wpa_supplicant to send back wifi information to cnd +allow wcnss_service cnd:unix_dgram_socket sendto; +allow wcnss_service self:capability { setuid setgid dac_override net_admin }; + +allow wcnss_service self:netlink_socket create_socket_perms; +allow wcnss_service firmware_file:dir r_dir_perms; +allow wcnss_service firmware_file:file r_file_perms; |