Make dnsmasq permissive or unconfined.

Also add rules from our policy. Change-Id: I86f07f54c5120c511f9cab2877cf765c3ae7c1a8 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
author: Stephen Smalley <sds@tycho.nsa.gov> 2013-10-29 14:42:35 -0400
committer: Stephen Smalley <sds@tycho.nsa.gov> 2014-02-11 10:24:40 -0500
commit: c6a28f0cb2368922e199d6a46a20180881f50dc7 (patch)
tree: b69fe38227d6cae7da60ac44d8da5c14429f6145 /dnsmasq.te
parent: e21871c8b7250f5dfc746298ab170a869e6be94d (diff)
download: android_external_sepolicy-c6a28f0cb2368922e199d6a46a20180881f50dc7.tar.gz
android_external_sepolicy-c6a28f0cb2368922e199d6a46a20180881f50dc7.tar.bz2
android_external_sepolicy-c6a28f0cb2368922e199d6a46a20180881f50dc7.zip
1 files changed, 9 insertions, 3 deletions
diff --git a/dnsmasq.te b/dnsmasq.te
index a5c647a..0e16580 100644
--- a/dnsmasq.te
+++ b/dnsmasq.te
@@ -1,6 +1,12 @@
+# DNS, DHCP services
 type dnsmasq, domain;
+permissive_or_unconfined(dnsmasq)
 type dnsmasq_exec, exec_type, file_type;
 
-init_daemon_domain(dnsmasq)
-net_domain(dnsmasq)
-unconfined_domain(dnsmasq)
+allow dnsmasq self:capability { net_bind_service setgid setuid };
+allow dnsmasq self:tcp_socket create_socket_perms;
+
+allow dnsmasq dhcp_data_file:dir w_dir_perms;
+allow dnsmasq dhcp_data_file:file create_file_perms;
+allow dnsmasq port:tcp_socket name_bind;
+allow dnsmasq node:tcp_socket node_bind;
author	Stephen Smalley <sds@tycho.nsa.gov>	2013-10-29 14:42:35 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	2014-02-11 10:24:40 -0500
commit	c6a28f0cb2368922e199d6a46a20180881f50dc7 (patch)
tree	b69fe38227d6cae7da60ac44d8da5c14429f6145 /dnsmasq.te
parent	e21871c8b7250f5dfc746298ab170a869e6be94d (diff)
download	android_external_sepolicy-c6a28f0cb2368922e199d6a46a20180881f50dc7.tar.gz android_external_sepolicy-c6a28f0cb2368922e199d6a46a20180881f50dc7.tar.bz2 android_external_sepolicy-c6a28f0cb2368922e199d6a46a20180881f50dc7.zip