Merge "sepolicy : clean-up of netd_socket usage."
This commit is contained in:
qctecmdr
Gerrit - the friendly Code Review server
commit
cc5fa63528
8 changed files with 0 additions and 21 deletions
3
generic/vendor/common/netmgrd.te
vendored
3
generic/vendor/common/netmgrd.te
vendored
|
|
@ -30,9 +30,6 @@ type netmgrd_exec, exec_type, vendor_file_type, file_type;
|
|||
net_domain(netmgrd)
|
||||
init_daemon_domain(netmgrd)
|
||||
|
||||
# communicate with netd
|
||||
unix_socket_connect(netmgrd, netd, netd)
|
||||
|
||||
allow netmgrd netmgrd_socket:dir w_dir_perms;
|
||||
allow netmgrd netmgrd_socket:sock_file create_file_perms;
|
||||
allow netmgrd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write };
|
||||
|
|
|
|||
2
legacy/vendor/common/ims.te
vendored
2
legacy/vendor/common/ims.te
vendored
|
|
@ -55,8 +55,6 @@ allow ims {
|
|||
#wpa_exec
|
||||
}:file rx_file_perms;
|
||||
|
||||
# Talk to netd via netd_socket
|
||||
unix_socket_connect(ims, netd, netd)
|
||||
|
||||
# Talk to qumuxd via ims_socket
|
||||
unix_socket_connect(ims, ims, qmuxd)
|
||||
|
|
|
|||
2
legacy/vendor/common/netd.te
vendored
2
legacy/vendor/common/netd.te
vendored
|
|
@ -33,8 +33,6 @@ allow netd qtitetherservice_service:service_manager find;
|
|||
|
||||
allow netd netd:packet_socket create_socket_perms_no_ioctl;
|
||||
|
||||
#unix_socket_connect(netd, cnd, cnd)
|
||||
|
||||
allow netd wfdservice:fd use;
|
||||
#allow netd wfdservice:tcp_socket rw_socket_perms;
|
||||
hal_client_domain(netd, wifidisplayhalservice);
|
||||
|
|
|
|||
4
legacy/vendor/common/netmgrd.te
vendored
4
legacy/vendor/common/netmgrd.te
vendored
|
|
@ -76,10 +76,6 @@ allow netmgrd { proc_net }:file rw_file_perms;
|
|||
|
||||
allow netmgrd self:socket create_socket_perms;
|
||||
|
||||
#Allow communication with netd
|
||||
#allow netmgrd netd_socket:sock_file w_file_perms;
|
||||
#r_dir_file(netmgrd, net_data_file)
|
||||
|
||||
allow netmgrd sysfs_data:file r_file_perms;
|
||||
|
||||
#Acquire lock on /system/etc/xtables.lock
|
||||
|
|
|
|||
3
legacy/vendor/common/system_app.te
vendored
3
legacy/vendor/common/system_app.te
vendored
|
|
@ -134,9 +134,6 @@ allow system_app self:netlink_kobject_uevent_socket { read bind setopt create };
|
|||
allow system_app radio_data_file:dir rw_dir_perms;
|
||||
allow system_app radio_data_file:file create_file_perms;
|
||||
|
||||
# allow system_app to access netd
|
||||
unix_socket_connect(system_app, netd, netd)
|
||||
|
||||
# required for FM App to connectto wcnss_filter sockets
|
||||
# serial device ttyHS0 (transport layer for FM)
|
||||
allow system_app serial_device:chr_file rw_file_perms;
|
||||
|
|
|
|||
|
|
@ -46,9 +46,6 @@ allow mirrorlink mirrorlink_data_file:dir create_dir_perms;
|
|||
# Allow read-write permissions to mirrorlink sockets under dev/socket/.
|
||||
allow mirrorlink mirrorlink_socket:sock_file { read write };
|
||||
|
||||
# Allow local socket connection from mirrorlink domain to netd domain via netd_socket.
|
||||
unix_socket_connect(mirrorlink, netd, netd);
|
||||
|
||||
# Allow read-write access to proc net device.
|
||||
allow mirrorlink proc_net:file rw_file_perms;
|
||||
|
||||
|
|
|
|||
|
|
@ -25,8 +25,6 @@
|
|||
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
|
||||
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
# allow system_app to access netd
|
||||
unix_socket_connect(system_app, netd, netd)
|
||||
# access to seemp folder
|
||||
allow system_app seemp_data_file:dir r_dir_perms;
|
||||
allow system_app seemp_data_file:{ file fifo_file } rw_file_perms;
|
||||
|
|
|
|||
2
qva/vendor/common/ims.te
vendored
2
qva/vendor/common/ims.te
vendored
|
|
@ -40,8 +40,6 @@ allow ims {
|
|||
wcnss_service_exec
|
||||
}:file rx_file_perms;
|
||||
|
||||
# Talk to netd via netd_socket
|
||||
unix_socket_connect(ims, netd, netd)
|
||||
|
||||
set_prop(ims, qcom_ims_prop)
|
||||
set_prop(ims, ctl_vendor_imsrcsservice_prop)
|
||||
|
|
|
|||
Loading…
Reference in a new issue