From 5f8d9f85b0b3b799f2ac15352ae3c92e61675dba Mon Sep 17 00:00:00 2001
From: Stephen Smalley
Date: Wed, 12 Mar 2014 15:09:17 -0400
Subject: Label /data/misc/wifi/hostapd with wpa_socket type.
hostapd creates sockets under /data/misc/wifi/hostapd. Ensure that they are labeled correctly both at runtime (type_transition) and during the init.rc restorecon_recursive /data (file_contexts).
Addresses denials such as:
avc: denied { create } for pid=20476 comm="hostapd" name="wlan0" scontext=u:r:hostapd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=sock_file
avc: denied { setattr } for pid=20476 comm="hostapd" name="wlan0" dev="mmcblk0p23" ino=619005 scontext=u:r:hostapd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=sock_file
avc: denied { unlink } for pid=20476 comm="hostapd" name="wlan0" dev="mmcblk0p23" ino=619005 scontext=u:r:hostapd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=sock_file
Change-Id: I80a443faeb6017a9d6cbdb8da9d7416f29a7b85f
Signed-off-by: Stephen Smalley
---
 hostapd.te | 1 +
 1 file changed, 1 insertion(+)
(limited to 'hostapd.te')
diff --git a/hostapd.te b/hostapd.te
index 184b26f..90a0314 100644
--- a/hostapd.te
+++ b/hostapd.te
@@ -13,6 +13,7 @@ allow hostapd self:netlink_route_socket nlmsg_write;
 allow hostapd wifi_data_file:file rw_file_perms;
 allow hostapd wifi_data_file:dir create_dir_perms;
 type_transition hostapd wifi_data_file:dir wpa_socket "sockets";
+type_transition hostapd wifi_data_file:dir wpa_socket "hostapd";
 allow hostapd wpa_socket:dir create_dir_perms;
 allow hostapd wpa_socket:sock_file create_file_perms;
 allow hostapd netd:fd use;
-- 
cgit v1.2.3
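Review bot: The added named transition is undocumented and fires only when a process in the hostapd domain itself creates a directory named exactly "hostapd" inside a wifi_data_file directory; a directory that already exists on the device, or that another domain creates, keeps wifi_data_file, and the sock_file denials quoted in the message would continue. The commit message relies on a file_contexts entry for that case, but this view is limited to hostapd.te, so confirm the matching /data/misc/wifi/hostapd entry is part of the change. A comment above the rule would record the intent, for example `# hostapd creates its control sockets under /data/misc/wifi/hostapd; label that directory wpa_socket on creation.` Reusing wpa_socket also means any domain the wider policy already allows on wpa_socket:sock_file would presumably reach hostapd's control sockets too, so it is worth checking that the grant list is as narrow as hostapd needs.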