From 504e759a60608949548ef14a23f856e055377ae4 Mon Sep 17 00:00:00 2001
From: Neelansh Mittal
Date: Fri, 6 Nov 2015 15:21:41 +0530
Subject: Seandroid: Adding policy for WLAN. Adding SEL policies for netd and hostapd. These policies will allow the netd to bind to the hostapd as monitor and listen to messages from the hostapd.Also, these will allow the supplicant to access the wpa_socket directory if it's created by netd.
CRs-Fixed: 756001
Change-Id: Ib2446898d721a78a5c6a434520f873c69cb65758
---
 common/hostapd.te | 2 ++
 common/net.te | 10 ++++++++++
 2 files changed, 12 insertions(+)
(limited to 'common')
diff --git a/common/hostapd.te b/common/hostapd.te
index 09a24c21..54cec32d 100644
--- a/common/hostapd.te
+++ b/common/hostapd.te
@@ -42,3 +42,5 @@ allow hostapd cnd:{
 allow hostapd cnd:fifo_file r_file_perms;
 allow hostapd smem_log_device:chr_file rw_file_perms;
 allow hostapd fstman:unix_dgram_socket sendto;
+allow hostapd netd:unix_dgram_socket sendto;
+allow hostapd wpa_socket:sock_file write;
diff --git a/common/net.te b/common/net.te
index f8cacb12..fc39608c 100644
--- a/common/net.te
+++ b/common/net.te
@@ -3,3 +3,13 @@ unix_socket_connect(netdomain, cnd, cnd)
 
 # allow netdomain access to dpmd
 unix_socket_connect(netdomain, dpmwrapper, dpmd)
+
+allow netd self:capability fsetid;
+allow netd hostapd:unix_dgram_socket sendto;
+
+# Allow netd to chmod dir /data/misc/dhcp
+allow netd dhcp_data_file:dir create_dir_perms;
+
+type_transition netd wifi_data_file:dir wpa_socket "sockets";
+allow netd wpa_socket:dir create_dir_perms;
+allow netd wpa_socket:sock_file create_file_perms;
-- 
cgit v1.2.3
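Review bot: Neither rule added to common/hostapd.te records why hostapd needs it, and `allow hostapd wpa_socket:sock_file write;` is granted on the whole wpa_socket type rather than on a socket that only netd owns. From the lines visible here, hostapd can still deliver datagrams only to domains it holds `sendto` for (netd and fstman), so the grant looks bounded, but that reasoning should sit next to the rules. I would add a comment above them such as `# netd attaches to the hostapd control interface as a monitor; hostapd replies to netd's socket in the wpa_socket directory`. The rest of hostapd.te is outside the hunk, so other wpa_socket rules may already exist there.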
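Review bot: The comment `# Allow netd to chmod dir /data/misc/dhcp` in common/net.te sits on `allow netd dhcp_data_file:dir create_dir_perms;`, which grants much more than a mode change: the macro also covers creating, renaming and removing directories and their entries. If chmod is really all netd does there, a narrower rule such as `allow netd dhcp_data_file:dir { getattr setattr };` would match the stated intent; the exact set should be confirmed against the recorded denials. `allow netd self:capability fsetid;` has no comment at all, and neither it nor the dhcp rule is mentioned in the commit description, so each deserves a one-line comment naming the operation that needs it. The `type_transition netd wifi_data_file:dir wpa_socket "sockets";` line also relies on netd already being allowed to add entries under wifi_data_file directories, which this hunk does not grant and which is presumably defined elsewhere.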