From 215fe00636bb2f7aaf9be9b9d1591578b010a561 Mon Sep 17 00:00:00 2001
From: Ravinder Konka
Date: Tue, 10 Mar 2015 22:04:54 -0700
Subject: DPM : sepolicy: allow netdomain access to cnd and dpmd Allow entities with netdomain permission access to cnd and dpmd Allow cnd to set socket options CYNGNOS-1222
Change-Id: Idf812e8e9db38bb319978c98588c0d9dfa1947f9
(cherry picked from commit 06765fd28cb401e31ab0f432001b447d5b5aa0c5)
---
 common/cnd.te | 2 +-
 common/net.te | 32 ++++++++++++++++++++++++++++++++
 sepolicy.mk | 3 ++-
 3 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 common/net.te
diff --git a/common/cnd.te b/common/cnd.te
index 21e708a3..91bc97d5 100644
--- a/common/cnd.te
+++ b/common/cnd.te
@@ -58,7 +58,7 @@ allow cnd appdomain:tcp_socket rw_socket_perms;
 # allow cnd to communicate with system_server
 allow cnd system_server:dir search;
 allow cnd system_server:file { read open };
-allow cnd system_server:tcp_socket { write getattr shutdown getopt read bind };
+allow cnd system_server:tcp_socket { write getattr shutdown getopt read bind setopt };
 
 # allow cnd to communicate with mediaserver
 allow cnd mediaserver:dir search;
diff --git a/common/net.te b/common/net.te
new file mode 100644
index 00000000..5005e40b
--- /dev/null
+++ b/common/net.te
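Review bot: The `setopt` added to the `allow cnd system_server:tcp_socket` rule in common/cnd.te applies to sockets labelled `system_server`, which by default are sockets system_server created rather than cnd's own, and the policy does not say which option cnd needs to change on them. The only rationale is the commit message line "Allow cnd to set socket options", which is not visible to someone auditing the .te file later. I would add a comment directly above the rule, for example `# setopt: cnd changes <option> on sockets owned by system_server (<reason>)`, so the permission can be re-checked or dropped when that need goes away. The rule block this line belongs to starts and continues outside the hunk.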
@@ -0,0 +1,32 @@
+# Copyright (c) 2015, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# allow netdomain access to cnd
+unix_socket_connect(netdomain, cnd, cnd)
+
+# allow netdomain access to dpmd
+unix_socket_connect(netdomain, dpmwrapper, dpmd)
diff --git a/sepolicy.mk b/sepolicy.mk
index ae5f4d77..d862bc1d 100644
--- a/sepolicy.mk
+++ b/sepolicy.mk
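Review bot: Both `unix_socket_connect(netdomain, ...)` rules at the end of the new common/net.te grant access to an attribute instead of named client domains, so every domain carrying `netdomain` gains write on the socket file and `connectto` on the cnd and dpmd stream sockets. In AOSP policy that attribute is assigned through `net_domain()`, which app domains such as `untrusted_app` use, so this probably makes both daemons' socket interfaces reachable from third-party apps; the attribute's membership is defined outside this patch and should be confirmed. If only particular clients need the connection I would name them, e.g. `unix_socket_connect(<client_domain>, cnd, cnd)`. If the breadth is intended, the two comments should say so explicitly (`# every network-capable domain, including apps, may connect; cnd must treat peers as untrusted`), and the daemons should check peer credentials and validate message sizes on these sockets.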
@@ -89,7 +89,8 @@ BOARD_SEPOLICY_UNION += \ energyawareness.te \ hbtp.te \ dtsconfigurator.te \ - vold.te + vold.te \ + net.te -include device/qcom/sepolicy/$(TARGET_BOARD_PLATFORM)/Android.mk -- cgit v1.2.3