Make all domains unconfined.

This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.

Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11

1 files changed, 1 insertions, 14 deletions

diff --git a/wpa_supplicant.te b/wpa_supplicant.te
index 2c4ea60..c924214 100644
--- a/wpa_supplicant.te
+++ b/wpa_supplicant.te
@@ -4,18 +4,5 @@ permissive wpa;
 type wpa_exec, exec_type, file_type;
 
 init_daemon_domain(wpa)
-allow wpa kernel:system module_request;
-allow wpa self:capability { setuid net_admin setgid net_raw };
-allow wpa cgroup:dir create_dir_perms;
-allow wpa self:netlink_route_socket *;
-allow wpa self:netlink_socket *;
-allow wpa self:packet_socket *;
-allow wpa self:udp_socket *;
-allow wpa wifi_data_file:dir create_dir_perms;
-allow wpa wifi_data_file:file create_file_perms;
-unix_socket_send(wpa, system_wpa, system)
-allow wpa random_device:chr_file r_file_perms;
-
-# Create a socket for receiving info from wpa
+unconfined_domain(wpa)
 type_transition wpa wifi_data_file:sock_file wpa_socket;
-allow wpa wpa_socket:sock_file create_file_perms;