diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2014-03-12 15:09:17 -0400 |
|---|---|---|
| committer | Stephen Smalley <sds@tycho.nsa.gov> | 2014-03-12 15:09:17 -0400 |
| commit | 5f8d9f85b0b3b799f2ac15352ae3c92e61675dba (patch) | |
| tree | cd98da4e40edd4d817d5aed5ebced52b4af9b5da /hostapd.te | |
| parent | cb8c52623b304e78a707ec5bde4329d01e88cda4 (diff) | |
| download | android_external_sepolicy-5f8d9f85b0b3b799f2ac15352ae3c92e61675dba.tar.gz android_external_sepolicy-5f8d9f85b0b3b799f2ac15352ae3c92e61675dba.tar.bz2 android_external_sepolicy-5f8d9f85b0b3b799f2ac15352ae3c92e61675dba.zip | |
Label /data/misc/wifi/hostapd with wpa_socket type.
hostapd creates sockets under /data/misc/wifi/hostapd.
Ensure that they are labeled correctly both at runtime
(type_transition) and during the init.rc restorecon_recursive /data
(file_contexts).
Addresses denials such as:
avc: denied { create } for pid=20476 comm="hostapd" name="wlan0" scontext=u:r:hostapd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=sock_file
avc: denied { setattr } for pid=20476 comm="hostapd" name="wlan0" dev="mmcblk0p23" ino=619005 scontext=u:r:hostapd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=sock_file
avc: denied { unlink } for pid=20476 comm="hostapd" name="wlan0" dev="mmcblk0p23" ino=619005 scontext=u:r:hostapd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=sock_file
Change-Id: I80a443faeb6017a9d6cbdb8da9d7416f29a7b85f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'hostapd.te')
| -rw-r--r-- | hostapd.te | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -13,6 +13,7 @@ allow hostapd self:netlink_route_socket nlmsg_write; allow hostapd wifi_data_file:file rw_file_perms; allow hostapd wifi_data_file:dir create_dir_perms; type_transition hostapd wifi_data_file:dir wpa_socket "sockets"; +type_transition hostapd wifi_data_file:dir wpa_socket "hostapd"; allow hostapd wpa_socket:dir create_dir_perms; allow hostapd wpa_socket:sock_file create_file_perms; allow hostapd netd:fd use; |