diff options
author | repo sync <gcondra@google.com> | 2013-05-17 17:11:29 -0700 |
---|---|---|
committer | repo sync <gcondra@google.com> | 2013-05-20 11:08:05 -0700 |
commit | 77d4731e9d30c8971e076e2469d6957619019921 (patch) | |
tree | a09ca764a3474bfaf20c0aafee0bf3a907d382fe /wpa_supplicant.te | |
parent | 42cabf341c8a600a218023ec69b3518e3d3d482c (diff) | |
download | android_external_sepolicy-77d4731e9d30c8971e076e2469d6957619019921.tar.gz android_external_sepolicy-77d4731e9d30c8971e076e2469d6957619019921.tar.bz2 android_external_sepolicy-77d4731e9d30c8971e076e2469d6957619019921.zip |
Make all domains unconfined.
This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.
Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11
Diffstat (limited to 'wpa_supplicant.te')
-rw-r--r-- | wpa_supplicant.te | 15 |
1 files changed, 1 insertions, 14 deletions
diff --git a/wpa_supplicant.te b/wpa_supplicant.te index 2c4ea60..c924214 100644 --- a/wpa_supplicant.te +++ b/wpa_supplicant.te @@ -4,18 +4,5 @@ permissive wpa; type wpa_exec, exec_type, file_type; init_daemon_domain(wpa) -allow wpa kernel:system module_request; -allow wpa self:capability { setuid net_admin setgid net_raw }; -allow wpa cgroup:dir create_dir_perms; -allow wpa self:netlink_route_socket *; -allow wpa self:netlink_socket *; -allow wpa self:packet_socket *; -allow wpa self:udp_socket *; -allow wpa wifi_data_file:dir create_dir_perms; -allow wpa wifi_data_file:file create_file_perms; -unix_socket_send(wpa, system_wpa, system) -allow wpa random_device:chr_file r_file_perms; - -# Create a socket for receiving info from wpa +unconfined_domain(wpa) type_transition wpa wifi_data_file:sock_file wpa_socket; -allow wpa wpa_socket:sock_file create_file_perms; |