Make mtp permissive or unconfined.

Also add rules from our policy. Change-Id: I096025c1820f0b51f1abdf249c744cba387e0a65 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
author: Stephen Smalley <sds@tycho.nsa.gov> 2013-10-29 14:42:37 -0400
committer: Stephen Smalley <sds@tycho.nsa.gov> 2014-02-11 10:18:41 -0500
commit: 59702592ab2888410465c08e0cf72faa282df9cd (patch)
tree: 4d73b6858c6b4af63c5b9baef8f8f48a48ade073
parent: e21871c8b7250f5dfc746298ab170a869e6be94d (diff)
download: android_external_sepolicy-59702592ab2888410465c08e0cf72faa282df9cd.tar.gz
android_external_sepolicy-59702592ab2888410465c08e0cf72faa282df9cd.tar.bz2
android_external_sepolicy-59702592ab2888410465c08e0cf72faa282df9cd.zip
1 files changed, 10 insertions, 1 deletions
diff --git a/mtp.te b/mtp.te
index 48a5525..9681daf 100644
--- a/mtp.te
+++ b/mtp.te
@@ -1,7 +1,16 @@
 # vpn tunneling protocol manager
 type mtp, domain;
+permissive_or_unconfined(mtp)
 type mtp_exec, exec_type, file_type;
 
 init_daemon_domain(mtp)
 net_domain(mtp)
-unconfined_domain(mtp)
+
+# pptp policy
+allow mtp self:tcp_socket create_socket_perms;
+allow mtp self:socket create_socket_perms;
+allow mtp self:rawip_socket create_socket_perms;
+allow mtp self:capability net_raw;
+allow mtp ppp:process signal;
+allow mtp port:tcp_socket name_connect;
+allow mtp vpn_data_file:dir search;
author	Stephen Smalley <sds@tycho.nsa.gov>	2013-10-29 14:42:37 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	2014-02-11 10:18:41 -0500
commit	59702592ab2888410465c08e0cf72faa282df9cd (patch)
tree	4d73b6858c6b4af63c5b9baef8f8f48a48ade073
parent	e21871c8b7250f5dfc746298ab170a869e6be94d (diff)
download	android_external_sepolicy-59702592ab2888410465c08e0cf72faa282df9cd.tar.gz android_external_sepolicy-59702592ab2888410465c08e0cf72faa282df9cd.tar.bz2 android_external_sepolicy-59702592ab2888410465c08e0cf72faa282df9cd.zip