2012-01-04 18:33:27 +01:00
|
|
|
# network manager
|
2015-11-03 18:54:39 +01:00
|
|
|
type netd, domain, domain_deprecated, mlstrustedsubject;
|
2012-01-04 18:33:27 +01:00
|
|
|
type netd_exec, exec_type, file_type;
|
|
|
|
|
|
|
|
init_daemon_domain(netd)
|
2013-12-16 04:04:09 +01:00
|
|
|
net_domain(netd)
|
|
|
|
|
2014-02-24 19:00:59 +01:00
|
|
|
allow netd self:capability { net_admin net_raw kill };
|
|
|
|
# Note: fsetid is deliberately not included above. fsetid checks are
|
|
|
|
# triggered by chmod on a directory or file owned by a group other
|
|
|
|
# than one of the groups assigned to the current process to see if
|
|
|
|
# the setgid bit should be cleared, regardless of whether the setgid
|
|
|
|
# bit was even set. We do not appear to truly need this capability
|
2015-04-03 00:36:51 +02:00
|
|
|
# for netd to operate.
|
|
|
|
dontaudit netd self:capability fsetid;
|
2014-02-24 19:00:59 +01:00
|
|
|
|
2014-02-24 21:06:11 +01:00
|
|
|
allow netd self:netlink_kobject_uevent_socket create_socket_perms;
|
|
|
|
allow netd self:netlink_route_socket nlmsg_write;
|
|
|
|
allow netd self:netlink_nflog_socket create_socket_perms;
|
2014-12-16 22:08:16 +01:00
|
|
|
allow netd self:netlink_socket create_socket_perms;
|
Enable SELinux protections for netd.
This change does several things:
1) Restore domain.te to the version present at
cd516a32663b4eb11b2e3356b86450020e59e279 . This is the version
currently being distributed in AOSP.
2) Add "allow domain properties_device:file r_file_perms;" to
domain.te, to allow all domains to read /dev/__properties__ .
This change was missing from AOSP.
3) Restore netd.te to the version present at
80c9ba5267f1a6ceffcf979471d101948b520ad6 . This is the version
currently being distributed in AOSP.
4) Remove anything involving module loading from netd.te. CTS
enforces that Android kernels can't have module loading enabled.
5) Add several new capabilities, plus data file rules, to
netd.te, since netd needs to write to files owned by wifi.
6) Add a new unconfined domain called dnsmasq.te, and allow
transitions from netd to that domain. Over time, we'll tighten up
the dnsmasq.te domain.
7) Add a new unconfined domain called hostapd.te, and allow
transitions from netd to that domain. Over time, we'll tighten up
the hostapd.te domain.
The net effect of these changes is to re-enable SELinux protections
for netd. The policy is FAR from perfect, and allows a lot of wiggle
room, but we can improve it over time.
Testing: as much as possible, I've exercised networking related
functionality, including turning on and off wifi, entering airplane
mode, and enabling tethering and portable wifi hotspots. It's quite
possible I've missed something, and if we experience problems, I
can roll back this change.
Bug: 9618347
Change-Id: I23ff3eebcef629bc7baabcf6962f25f116c4a3c0
2013-06-28 00:11:02 +02:00
|
|
|
allow netd shell_exec:file rx_file_perms;
|
|
|
|
allow netd system_file:file x_file_perms;
|
|
|
|
allow netd devpts:chr_file rw_file_perms;
|
|
|
|
|
|
|
|
# For /proc/sys/net/ipv[46]/route/flush.
|
2015-02-25 22:28:40 +01:00
|
|
|
allow netd proc_net:file write;
|
Enable SELinux protections for netd.
This change does several things:
1) Restore domain.te to the version present at
cd516a32663b4eb11b2e3356b86450020e59e279 . This is the version
currently being distributed in AOSP.
2) Add "allow domain properties_device:file r_file_perms;" to
domain.te, to allow all domains to read /dev/__properties__ .
This change was missing from AOSP.
3) Restore netd.te to the version present at
80c9ba5267f1a6ceffcf979471d101948b520ad6 . This is the version
currently being distributed in AOSP.
4) Remove anything involving module loading from netd.te. CTS
enforces that Android kernels can't have module loading enabled.
5) Add several new capabilities, plus data file rules, to
netd.te, since netd needs to write to files owned by wifi.
6) Add a new unconfined domain called dnsmasq.te, and allow
transitions from netd to that domain. Over time, we'll tighten up
the dnsmasq.te domain.
7) Add a new unconfined domain called hostapd.te, and allow
transitions from netd to that domain. Over time, we'll tighten up
the hostapd.te domain.
The net effect of these changes is to re-enable SELinux protections
for netd. The policy is FAR from perfect, and allows a lot of wiggle
room, but we can improve it over time.
Testing: as much as possible, I've exercised networking related
functionality, including turning on and off wifi, entering airplane
mode, and enabling tethering and portable wifi hotspots. It's quite
possible I've missed something, and if we experience problems, I
can roll back this change.
Bug: 9618347
Change-Id: I23ff3eebcef629bc7baabcf6962f25f116c4a3c0
2013-06-28 00:11:02 +02:00
|
|
|
|
|
|
|
# For /sys/modules/bcmdhd/parameters/firmware_path
|
|
|
|
# XXX Split into its own type.
|
|
|
|
allow netd sysfs:file write;
|
|
|
|
|
|
|
|
# Set dhcp lease for PAN connection
|
2015-05-05 03:22:45 +02:00
|
|
|
set_prop(netd, dhcp_prop)
|
|
|
|
set_prop(netd, system_prop)
|
2014-06-19 16:27:02 +02:00
|
|
|
auditallow netd system_prop:property_service set;
|
Enable SELinux protections for netd.
This change does several things:
1) Restore domain.te to the version present at
cd516a32663b4eb11b2e3356b86450020e59e279 . This is the version
currently being distributed in AOSP.
2) Add "allow domain properties_device:file r_file_perms;" to
domain.te, to allow all domains to read /dev/__properties__ .
This change was missing from AOSP.
3) Restore netd.te to the version present at
80c9ba5267f1a6ceffcf979471d101948b520ad6 . This is the version
currently being distributed in AOSP.
4) Remove anything involving module loading from netd.te. CTS
enforces that Android kernels can't have module loading enabled.
5) Add several new capabilities, plus data file rules, to
netd.te, since netd needs to write to files owned by wifi.
6) Add a new unconfined domain called dnsmasq.te, and allow
transitions from netd to that domain. Over time, we'll tighten up
the dnsmasq.te domain.
7) Add a new unconfined domain called hostapd.te, and allow
transitions from netd to that domain. Over time, we'll tighten up
the hostapd.te domain.
The net effect of these changes is to re-enable SELinux protections
for netd. The policy is FAR from perfect, and allows a lot of wiggle
room, but we can improve it over time.
Testing: as much as possible, I've exercised networking related
functionality, including turning on and off wifi, entering airplane
mode, and enabling tethering and portable wifi hotspots. It's quite
possible I've missed something, and if we experience problems, I
can roll back this change.
Bug: 9618347
Change-Id: I23ff3eebcef629bc7baabcf6962f25f116c4a3c0
2013-06-28 00:11:02 +02:00
|
|
|
|
|
|
|
# Connect to PAN
|
2013-04-04 17:31:00 +02:00
|
|
|
domain_auto_trans(netd, dhcp_exec, dhcp)
|
Enable SELinux protections for netd.
This change does several things:
1) Restore domain.te to the version present at
cd516a32663b4eb11b2e3356b86450020e59e279 . This is the version
currently being distributed in AOSP.
2) Add "allow domain properties_device:file r_file_perms;" to
domain.te, to allow all domains to read /dev/__properties__ .
This change was missing from AOSP.
3) Restore netd.te to the version present at
80c9ba5267f1a6ceffcf979471d101948b520ad6 . This is the version
currently being distributed in AOSP.
4) Remove anything involving module loading from netd.te. CTS
enforces that Android kernels can't have module loading enabled.
5) Add several new capabilities, plus data file rules, to
netd.te, since netd needs to write to files owned by wifi.
6) Add a new unconfined domain called dnsmasq.te, and allow
transitions from netd to that domain. Over time, we'll tighten up
the dnsmasq.te domain.
7) Add a new unconfined domain called hostapd.te, and allow
transitions from netd to that domain. Over time, we'll tighten up
the hostapd.te domain.
The net effect of these changes is to re-enable SELinux protections
for netd. The policy is FAR from perfect, and allows a lot of wiggle
room, but we can improve it over time.
Testing: as much as possible, I've exercised networking related
functionality, including turning on and off wifi, entering airplane
mode, and enabling tethering and portable wifi hotspots. It's quite
possible I've missed something, and if we experience problems, I
can roll back this change.
Bug: 9618347
Change-Id: I23ff3eebcef629bc7baabcf6962f25f116c4a3c0
2013-06-28 00:11:02 +02:00
|
|
|
allow netd dhcp:process signal;
|
|
|
|
|
|
|
|
# Needed to update /data/misc/wifi/hostapd.conf
|
|
|
|
# TODO: See what we can do to reduce the need for
|
|
|
|
# these capabilities
|
|
|
|
allow netd self:capability { dac_override chown fowner };
|
|
|
|
allow netd wifi_data_file:file create_file_perms;
|
|
|
|
allow netd wifi_data_file:dir rw_dir_perms;
|
|
|
|
|
2014-07-08 07:04:57 +02:00
|
|
|
# Needed to update /data/misc/net/rt_tables
|
|
|
|
allow netd net_data_file:file create_file_perms;
|
|
|
|
allow netd net_data_file:dir rw_dir_perms;
|
|
|
|
|
Enable SELinux protections for netd.
This change does several things:
1) Restore domain.te to the version present at
cd516a32663b4eb11b2e3356b86450020e59e279 . This is the version
currently being distributed in AOSP.
2) Add "allow domain properties_device:file r_file_perms;" to
domain.te, to allow all domains to read /dev/__properties__ .
This change was missing from AOSP.
3) Restore netd.te to the version present at
80c9ba5267f1a6ceffcf979471d101948b520ad6 . This is the version
currently being distributed in AOSP.
4) Remove anything involving module loading from netd.te. CTS
enforces that Android kernels can't have module loading enabled.
5) Add several new capabilities, plus data file rules, to
netd.te, since netd needs to write to files owned by wifi.
6) Add a new unconfined domain called dnsmasq.te, and allow
transitions from netd to that domain. Over time, we'll tighten up
the dnsmasq.te domain.
7) Add a new unconfined domain called hostapd.te, and allow
transitions from netd to that domain. Over time, we'll tighten up
the hostapd.te domain.
The net effect of these changes is to re-enable SELinux protections
for netd. The policy is FAR from perfect, and allows a lot of wiggle
room, but we can improve it over time.
Testing: as much as possible, I've exercised networking related
functionality, including turning on and off wifi, entering airplane
mode, and enabling tethering and portable wifi hotspots. It's quite
possible I've missed something, and if we experience problems, I
can roll back this change.
Bug: 9618347
Change-Id: I23ff3eebcef629bc7baabcf6962f25f116c4a3c0
2013-06-28 00:11:02 +02:00
|
|
|
# Allow netd to spawn hostapd in it's own domain
|
|
|
|
domain_auto_trans(netd, hostapd_exec, hostapd)
|
|
|
|
allow netd hostapd:process signal;
|
|
|
|
|
|
|
|
# Allow netd to spawn dnsmasq in it's own domain
|
|
|
|
domain_auto_trans(netd, dnsmasq_exec, dnsmasq)
|
|
|
|
allow netd dnsmasq:process signal;
|
|
|
|
|
2013-08-05 08:32:56 +02:00
|
|
|
# Allow netd to start clatd in its own domain
|
|
|
|
domain_auto_trans(netd, clatd_exec, clatd)
|
|
|
|
allow netd clatd:process signal;
|
|
|
|
|
2015-05-05 03:22:45 +02:00
|
|
|
set_prop(netd, ctl_mdnsd_prop)
|
2013-07-13 06:28:41 +02:00
|
|
|
|
2014-05-01 20:12:10 +02:00
|
|
|
# Allow netd to operate on sockets that are passed to it.
|
|
|
|
allow netd netdomain:{tcp_socket udp_socket rawip_socket dccp_socket tun_socket} {read write getattr setattr getopt setopt};
|
|
|
|
allow netd netdomain:fd use;
|
|
|
|
|
2013-07-13 06:28:41 +02:00
|
|
|
###
|
|
|
|
### Neverallow rules
|
|
|
|
###
|
|
|
|
### netd should NEVER do any of this
|
|
|
|
|
|
|
|
# Block device access.
|
|
|
|
neverallow netd dev_type:blk_file { read write };
|
|
|
|
|
|
|
|
# ptrace any other app
|
|
|
|
neverallow netd { domain }:process ptrace;
|
|
|
|
|
|
|
|
# Write to /system.
|
|
|
|
neverallow netd system_file:dir_file_class_set write;
|
|
|
|
|
|
|
|
# Write to files in /data/data or system files on /data
|
|
|
|
neverallow netd { app_data_file system_data_file }:dir_file_class_set write;
|