diff options
| -rw-r--r-- | common/cnd.te | 5 | ||||
| -rw-r--r-- | common/ipacm.te | 3 | ||||
| -rw-r--r-- | common/netd.te | 3 |
3 files changed, 10 insertions, 1 deletions
diff --git a/common/cnd.te b/common/cnd.te index 91bc97d5..e7da07b1 100644 --- a/common/cnd.te +++ b/common/cnd.te @@ -70,7 +70,10 @@ allow cnd mediaserver:file { open read }; allow cnd self:socket create_socket_perms; # allow cnd to access ipa_dev -allow cnd ipa_dev:chr_file r_file_perms; +allow cnd ipa_dev:chr_file rw_file_perms; # allow access to nims allow cnd socket_device:dir remove_name; + +# allow access ipa tether stats file +r_dir_file(cnd, ipacm_data_file) diff --git a/common/ipacm.te b/common/ipacm.te index 1c061fd1..1ea4b65d 100644 --- a/common/ipacm.te +++ b/common/ipacm.te @@ -6,6 +6,9 @@ type ipacm-diag_exec, exec_type, file_type; init_daemon_domain(ipacm) init_daemon_domain(ipacm-diag) +# associate netdomain to use for accessing internet sockets +net_domain(ipacm) + userdebug_or_eng(` # Allow using the logging file between ipacm and ipacm-diag allow ipacm ipacm-diag:unix_dgram_socket sendto; diff --git a/common/netd.te b/common/netd.te index 54c83891..b5fdecc5 100644 --- a/common/netd.te +++ b/common/netd.te @@ -11,3 +11,6 @@ dontaudit netd self:capability sys_module; #needed for ipt_TCPMSS and ip6t_TCPMSS allow netd kernel:system module_request; unix_socket_connect(netd, cnd, cnd) + +# allow to read /data/misc/ipa/tether_stats file +r_dir_file(netd, ipacm_data_file) |