tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

make unix_socket_connect() for property service a warning

Browse source 
Encourage the use of set_prop macro by making existing
unix_socket_connect(domain, property, init) calls
warn at compile time. When encountering one of these macros,
m4 will emit a deprecated message as follows:

m4: external/sepolicy/adbd.te: 97: deprecated: unix_socket_connect(adbd, property, init) Please use set_prop(adbd, <property name>) instead.

Change-Id: I997fed75d2683933e08db8b9efeecea71523c7c3
Signed-off-by: William Roberts <william.c.roberts@linux.intel.com>
This commit is contained in:
William Roberts 2015-05-11 13:02:46 -07:00
parent 520bb816b8
commit 1b4e69a734
1 changed files with 18 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
te_macros
View file

@ -129,6 +129,15 @@ typeattribute $1 bluetoothdomain;
# use set_prop(sourcedomain, targetproperty) # use set_prop(sourcedomain, targetproperty)
# #
define(`unix_socket_connect', ` define(`unix_socket_connect', `
ifelse($2, `property', `
ifelse($3,`init', `
print(`deprecated: unix_socket_connect($1, $2, $3) Please use set_prop($1, <property name>) instead.')
')
')
__unix_socket_connect__($1, $2, $3)
')
define(`__unix_socket_connect__', `
allow $1 $2_socket:sock_file write; allow $1 $2_socket:sock_file write;
allow $1 $3:unix_stream_socket connectto; allow $1 $3:unix_stream_socket connectto;
') ')
@ -139,7 +148,7 @@ allow $1 $3:unix_stream_socket connectto;
# targetproperty. # targetproperty.
# #
define(`set_prop', ` define(`set_prop', `
unix_socket_connect($1, property, init) __unix_socket_connect__($1, property, init)
allow $1 $2:property_service set; allow $1 $2:property_service set;
') ')
@ -244,11 +253,10 @@ allow $1 security_file:file r_file_perms;
# trigger runtime reload. # trigger runtime reload.
define(`selinux_manage_policy', ` define(`selinux_manage_policy', `
security_access_policy($1) security_access_policy($1)
unix_socket_connect($1, property, init)
allow $1 security_file:dir create_dir_perms; allow $1 security_file:dir create_dir_perms;
allow $1 security_file:file create_file_perms; allow $1 security_file:file create_file_perms;
allow $1 security_file:lnk_file { create rename unlink }; allow $1 security_file:lnk_file { create rename unlink };
allow $1 security_prop:property_service set; set_prop($1, security_prop)
') ')
##################################### #####################################
@ -257,11 +265,10 @@ allow $1 security_prop:property_service set;
# trigger runtime reload, change # trigger runtime reload, change
# mmac enforcing mode and access logcat. # mmac enforcing mode and access logcat.
define(`mmac_manage_policy', ` define(`mmac_manage_policy', `
unix_socket_connect($1, property, init)
allow $1 security_file:dir create_dir_perms; allow $1 security_file:dir create_dir_perms;
allow $1 security_file:file create_file_perms; allow $1 security_file:file create_file_perms;
allow $1 security_file:lnk_file { create rename unlink }; allow $1 security_file:lnk_file { create rename unlink };
allow $1 security_prop:property_service set; set_prop($1, security_prop)
') ')
##################################### #####################################
@ -374,3 +381,9 @@ define(`use_drmservice', `
allow drmserver $1:file { read open }; allow drmserver $1:file { read open };
allow drmserver $1:process getattr; allow drmserver $1:process getattr;
') ')
##########################################
# print a message with a trailing newline
# print(`args')
define(`print', `errprint(`m4: '__file__: __line__`: $*
')')