diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2014-02-21 11:28:20 -0500 |
---|---|---|
committer | Stephen Smalley <sds@tycho.nsa.gov> | 2014-02-21 11:34:53 -0500 |
commit | 7ade68d797a83b8f4e5162f523f4caa0f246ff03 (patch) | |
tree | 68455f939c34144953ae181ce35b358ac4de4cf8 /hostapd.te | |
parent | b73d321ad01bd279e7ed77c4569d35b628da6615 (diff) | |
download | android_external_sepolicy-7ade68d797a83b8f4e5162f523f4caa0f246ff03.tar.gz android_external_sepolicy-7ade68d797a83b8f4e5162f523f4caa0f246ff03.tar.bz2 android_external_sepolicy-7ade68d797a83b8f4e5162f523f4caa0f246ff03.zip |
Ensure that /data/misc/wifi/sockets is always labeled wpa_socket.
It appears that wpa_supplicant tries to rmdir /data/misc/wifi/sockets
and re-create it at times, so make sure that it remains labeled correctly
when re-created in this manner via a name-based type transition rule.
Do the same for hostapd as it also has permissions for creating/removing
this directory.
<5>[83921.800071] type=1400 audit(1392997522.105:26): avc: denied { rmdir } for pid=3055 comm="wpa_supplicant" name="sockets" dev="mmcblk0p28" ino=618957 scontext=u:r:wpa:s0 tcontext=u:object_r:wpa_socket:s0 tclass=dir
We no longer need the type_transition for sock_file as it will inherit
the type from the parent directory which is set via restorecon_recursive
/data/misc/wifi/sockets or via type_transition, so drop it.
Change-Id: Iffa61c426783eb03205ba6964c624c6ecea32630
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'hostapd.te')
-rw-r--r-- | hostapd.te | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -11,6 +11,7 @@ allow hostapd self:udp_socket { create ioctl }; allow hostapd wifi_data_file:file rw_file_perms; allow hostapd wifi_data_file:dir create_dir_perms; +type_transition hostapd wifi_data_file:dir wpa_socket "sockets"; allow hostapd wpa_socket:dir create_dir_perms; allow hostapd wpa_socket:sock_file create_file_perms; allow hostapd netd:fd use; |