Make ppp permissive or unconfined.

Also add rules from our policy. Change-Id: I6f552538cc4f6b28b2883aa74832230944cbdb7a Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
author: Stephen Smalley <sds@tycho.nsa.gov> 2013-10-29 14:42:38 -0400
committer: Stephen Smalley <sds@tycho.nsa.gov> 2014-02-11 10:14:59 -0500
commit: cc65fe8271ee7ed3c54a641a6c87262925db8f9f (patch)
tree: 7dcb7f503b74b2027ebbe75ab12a39f635aa1bb9 /ppp.te
parent: e21871c8b7250f5dfc746298ab170a869e6be94d (diff)
download: android_external_sepolicy-cc65fe8271ee7ed3c54a641a6c87262925db8f9f.tar.gz
android_external_sepolicy-cc65fe8271ee7ed3c54a641a6c87262925db8f9f.tar.bz2
android_external_sepolicy-cc65fe8271ee7ed3c54a641a6c87262925db8f9f.zip
1 files changed, 10 insertions, 1 deletions
diff --git a/ppp.te b/ppp.te
index 1f61fdd..21838f1 100644
--- a/ppp.te
+++ b/ppp.te
@@ -1,6 +1,15 @@
 # Point to Point Protocol daemon
 type ppp, domain;
+permissive_or_unconfined(ppp)
 type ppp_device, dev_type;
 type ppp_exec, exec_type, file_type;
-unconfined_domain(ppp)
 domain_auto_trans(mtp, ppp_exec, ppp)
+
+allow ppp mtp:socket rw_socket_perms;
+allow ppp ppp_device:chr_file rw_file_perms;
+allow ppp self:capability net_admin;
+allow ppp self:udp_socket create_socket_perms;
+allow ppp system_file:file rx_file_perms;
+allow ppp vpn_data_file:dir w_dir_perms;
+allow ppp vpn_data_file:file create_file_perms;
+allow ppp mtp:fd use;
author	Stephen Smalley <sds@tycho.nsa.gov>	2013-10-29 14:42:38 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	2014-02-11 10:14:59 -0500
commit	cc65fe8271ee7ed3c54a641a6c87262925db8f9f (patch)
tree	7dcb7f503b74b2027ebbe75ab12a39f635aa1bb9 /ppp.te
parent	e21871c8b7250f5dfc746298ab170a869e6be94d (diff)
download	android_external_sepolicy-cc65fe8271ee7ed3c54a641a6c87262925db8f9f.tar.gz android_external_sepolicy-cc65fe8271ee7ed3c54a641a6c87262925db8f9f.tar.bz2 android_external_sepolicy-cc65fe8271ee7ed3c54a641a6c87262925db8f9f.zip