tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Allow all Apps to Recv UDP Sockets from SystemServer" am: c37a39c26d

Browse source 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2143512

Change-Id: I214835a158c7851bb5971fe0fcf90cb1d8fb7fc2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Treehugger Robot 2022-07-04 08:30:12 +00:00 committed by Automerger Merge Worker
commit 06f721e8de
2 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
prebuilts/api/33.0/private/app.te
View file

@ -75,6 +75,11 @@ dontaudit appdomain vendor_default_prop:file read;
# Access to /mnt/media_rw/<vol> (limited by DAC to apps with external_storage gid)
allow { appdomain -sdk_sandbox } mnt_media_rw_file:dir search;
# allow apps to use UDP sockets provided by the system server but not
# modify them other than to connect
allow appdomain system_server:udp_socket {
connect getattr read recvfrom sendto write getopt setopt };
neverallow appdomain system_server:udp_socket {
accept append bind create ioctl listen lock name_bind
relabelfrom relabelto setattr shutdown };

5
private/app.te
View file

@ -75,6 +75,11 @@ dontaudit appdomain vendor_default_prop:file read;
# Access to /mnt/media_rw/<vol> (limited by DAC to apps with external_storage gid)
allow { appdomain -sdk_sandbox } mnt_media_rw_file:dir search;
# allow apps to use UDP sockets provided by the system server but not
# modify them other than to connect
allow appdomain system_server:udp_socket {
connect getattr read recvfrom sendto write getopt setopt };
neverallow appdomain system_server:udp_socket {
accept append bind create ioctl listen lock name_bind
relabelfrom relabelto setattr shutdown };