sepolicy : clean-up of netd_socket usage.
As the public definition of netd_socket is removed, remove all references to it. Change-Id: I752d1d546d5d6e76dc4e43fc3d4a90b0aca077c8
parent
7191695bde
commit
4cb4eee99e
8 changed files with 0 additions and 21 deletions
3
generic/vendor/common/netmgrd.te
vendored
|
@ -30,9 +30,6 @@ type netmgrd_exec, exec_type, vendor_file_type, file_type;
|
||||||
net_domain(netmgrd)
|
net_domain(netmgrd)
|
||||||
init_daemon_domain(netmgrd)
|
init_daemon_domain(netmgrd)
|
||||||
|
|
||||||
# communicate with netd
|
|
||||||
unix_socket_connect(netmgrd, netd, netd)
|
|
||||||
|
|
||||||
allow netmgrd netmgrd_socket:dir w_dir_perms;
|
allow netmgrd netmgrd_socket:dir w_dir_perms;
|
||||||
allow netmgrd netmgrd_socket:sock_file create_file_perms;
|
allow netmgrd netmgrd_socket:sock_file create_file_perms;
|
||||||
allow netmgrd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write };
|
allow netmgrd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write };
|
||||||
|
|
2
legacy/vendor/common/ims.te
vendored
|
@ -55,8 +55,6 @@ allow ims {
|
||||||
#wpa_exec
|
#wpa_exec
|
||||||
}:file rx_file_perms;
|
}:file rx_file_perms;
|
||||||
|
|
||||||
# Talk to netd via netd_socket
|
|
||||||
unix_socket_connect(ims, netd, netd)
|
|
||||||
|
|
||||||
# Talk to qumuxd via ims_socket
|
# Talk to qumuxd via ims_socket
|
||||||
unix_socket_connect(ims, ims, qmuxd)
|
unix_socket_connect(ims, ims, qmuxd)
|
||||||
|
|
2
legacy/vendor/common/netd.te
vendored
|
@ -33,8 +33,6 @@ allow netd qtitetherservice_service:service_manager find;
|
||||||
|
|
||||||
allow netd netd:packet_socket create_socket_perms_no_ioctl;
|
allow netd netd:packet_socket create_socket_perms_no_ioctl;
|
||||||
|
|
||||||
#unix_socket_connect(netd, cnd, cnd)
|
|
||||||
|
|
||||||
allow netd wfdservice:fd use;
|
allow netd wfdservice:fd use;
|
||||||
#allow netd wfdservice:tcp_socket rw_socket_perms;
|
#allow netd wfdservice:tcp_socket rw_socket_perms;
|
||||||
hal_client_domain(netd, wifidisplayhalservice);
|
hal_client_domain(netd, wifidisplayhalservice);
|
||||||
|
|
4
legacy/vendor/common/netmgrd.te
vendored
|
@ -76,10 +76,6 @@ allow netmgrd { proc_net }:file rw_file_perms;
|
||||||
|
|
||||||
allow netmgrd self:socket create_socket_perms;
|
allow netmgrd self:socket create_socket_perms;
|
||||||
|
|
||||||
#Allow communication with netd
|
|
||||||
#allow netmgrd netd_socket:sock_file w_file_perms;
|
|
||||||
#r_dir_file(netmgrd, net_data_file)
|
|
||||||
|
|
||||||
allow netmgrd sysfs_data:file r_file_perms;
|
allow netmgrd sysfs_data:file r_file_perms;
|
||||||
|
|
||||||
#Acquire lock on /system/etc/xtables.lock
|
#Acquire lock on /system/etc/xtables.lock
|
||||||
|
|
3
legacy/vendor/common/system_app.te
vendored
|
@ -134,9 +134,6 @@ allow system_app self:netlink_kobject_uevent_socket { read bind setopt create };
|
||||||
allow system_app radio_data_file:dir rw_dir_perms;
|
allow system_app radio_data_file:dir rw_dir_perms;
|
||||||
allow system_app radio_data_file:file create_file_perms;
|
allow system_app radio_data_file:file create_file_perms;
|
||||||
|
|
||||||
# allow system_app to access netd
|
|
||||||
unix_socket_connect(system_app, netd, netd)
|
|
||||||
|
|
||||||
# required for FM App to connectto wcnss_filter sockets
|
# required for FM App to connectto wcnss_filter sockets
|
||||||
# serial device ttyHS0 (transport layer for FM)
|
# serial device ttyHS0 (transport layer for FM)
|
||||||
allow system_app serial_device:chr_file rw_file_perms;
|
allow system_app serial_device:chr_file rw_file_perms;
|
||||||
|
|
|
@ -46,9 +46,6 @@ allow mirrorlink mirrorlink_data_file:dir create_dir_perms;
|
||||||
# Allow read-write permissions to mirrorlink sockets under dev/socket/.
|
# Allow read-write permissions to mirrorlink sockets under dev/socket/.
|
||||||
allow mirrorlink mirrorlink_socket:sock_file { read write };
|
allow mirrorlink mirrorlink_socket:sock_file { read write };
|
||||||
|
|
||||||
# Allow local socket connection from mirrorlink domain to netd domain via netd_socket.
|
|
||||||
unix_socket_connect(mirrorlink, netd, netd);
|
|
||||||
|
|
||||||
# Allow read-write access to proc net device.
|
# Allow read-write access to proc net device.
|
||||||
allow mirrorlink proc_net:file rw_file_perms;
|
allow mirrorlink proc_net:file rw_file_perms;
|
||||||
|
|
||||||
|
|
|
@ -25,8 +25,6 @@
|
||||||
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
|
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
|
||||||
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
# allow system_app to access netd
|
|
||||||
unix_socket_connect(system_app, netd, netd)
|
|
||||||
# access to seemp folder
|
# access to seemp folder
|
||||||
allow system_app seemp_data_file:dir r_dir_perms;
|
allow system_app seemp_data_file:dir r_dir_perms;
|
||||||
allow system_app seemp_data_file:{ file fifo_file } rw_file_perms;
|
allow system_app seemp_data_file:{ file fifo_file } rw_file_perms;
|
||||||
|
|
2
qva/vendor/common/ims.te
vendored
|
@ -40,8 +40,6 @@ allow ims {
|
||||||
wcnss_service_exec
|
wcnss_service_exec
|
||||||
}:file rx_file_perms;
|
}:file rx_file_perms;
|
||||||
|
|
||||||
# Talk to netd via netd_socket
|
|
||||||
unix_socket_connect(ims, netd, netd)
|
|
||||||
|
|
||||||
set_prop(ims, qcom_ims_prop)
|
set_prop(ims, qcom_ims_prop)
|
||||||
set_prop(ims, ctl_vendor_imsrcsservice_prop)
|
set_prop(ims, ctl_vendor_imsrcsservice_prop)
|
||||||
|
|