Merge changes Ifa33dae9,I69ccc6af,Ibb4db9d9
am: d16a3968f3
Change-Id: Ib57570877f9195b2d54337552e4ee868f7dbc29f
This commit is contained in:
Roshan Pius
android-build-merger
commit
34c69ae8eb
9 changed files with 8 additions and 53 deletions
|
|
@ -42,5 +42,4 @@
|
|||
vendor_boringssl_self_test
|
||||
vendor_install_recovery
|
||||
vendor_install_recovery_exec
|
||||
virtual_ab_prop
|
||||
wifi_stack_service))
|
||||
virtual_ab_prop))
|
||||
|
|
|
|||
|
|
@ -35,5 +35,4 @@ neverallow {
|
|||
-shell
|
||||
userdebug_or_eng(`-su')
|
||||
-system_app
|
||||
-network_stack
|
||||
} runtime_event_log_tags_file:file no_rw_file_perms;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
############### Networking service app - NetworkStack.apk ##############
|
||||
# Networking service app
|
||||
typeattribute network_stack coredomain;
|
||||
|
||||
app_domain(network_stack);
|
||||
|
|
@ -29,45 +29,6 @@ allow network_stack radio_data_file:file create_file_perms;
|
|||
|
||||
binder_call(network_stack, netd);
|
||||
|
||||
############### Wifi Service app - WifiStack.apk ##############
|
||||
# Data file accesses.
|
||||
# Manage /data/misc/wifi & /data/misc_ce/<user_id>/wifi.
|
||||
allow network_stack wifi_data_file:dir create_dir_perms;
|
||||
allow network_stack wifi_data_file:file create_file_perms;
|
||||
|
||||
# Property accesses
|
||||
userdebug_or_eng(`
|
||||
set_prop(network_stack, wifi_log_prop)
|
||||
|
||||
# Allow network_stack to read dmesg
|
||||
# TODO(b/137085509): Remove this.
|
||||
allow network_stack kernel:system syslog_read;
|
||||
')
|
||||
|
||||
# Binder IPC.
|
||||
allow network_stack audioserver_service:service_manager find;
|
||||
allow network_stack network_score_service:service_manager find;
|
||||
allow network_stack network_stack_service:service_manager find;
|
||||
allow network_stack radio_service:service_manager find;
|
||||
allow network_stack wificond_service:service_manager find;
|
||||
allow network_stack wifiscanner_service:service_manager find;
|
||||
binder_call(network_stack, system_server)
|
||||
binder_call(network_stack, wificond)
|
||||
|
||||
# HwBinder IPC.
|
||||
hal_client_domain(network_stack, hal_wifi)
|
||||
hal_client_domain(network_stack, hal_wifi_hostapd)
|
||||
hal_client_domain(network_stack, hal_wifi_supplicant)
|
||||
|
||||
# Allow WifiService to start, stop, and read wifi-specific trace events.
|
||||
allow network_stack debugfs_tracing_instances:dir search;
|
||||
allow network_stack debugfs_wifi_tracing:dir search;
|
||||
allow network_stack debugfs_wifi_tracing:file rw_file_perms;
|
||||
|
||||
# dumpstate support
|
||||
allow network_stack dumpstate:fd use;
|
||||
allow network_stack dumpstate:fifo_file write;
|
||||
|
||||
# Create/use netlink_tcpdiag_socket to get tcp info
|
||||
allow network_stack self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
|
||||
############### Tethering Service app - Tethering.apk ##############
|
||||
|
|
|
|||
|
|
@ -144,7 +144,7 @@ isSystemServer=true domain=system_server_startup
|
|||
user=_app seinfo=platform name=com.android.traceur domain=traceur_app type=app_data_file levelFrom=all
|
||||
user=system seinfo=platform domain=system_app type=system_app_data_file
|
||||
user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file
|
||||
user=network_stack seinfo=network_stack domain=network_stack type=radio_data_file
|
||||
user=network_stack seinfo=network_stack domain=network_stack levelFrom=all type=radio_data_file
|
||||
user=nfc seinfo=platform domain=nfc type=nfc_data_file
|
||||
user=secure_element seinfo=platform domain=secure_element levelFrom=all
|
||||
user=radio seinfo=platform domain=radio type=radio_data_file
|
||||
|
|
|
|||
|
|
@ -226,6 +226,5 @@ wifi u:object_r:wifi_service:s0
|
|||
wificond u:object_r:wificond_service:s0
|
||||
wifiaware u:object_r:wifiaware_service:s0
|
||||
wifirtt u:object_r:rttmanager_service:s0
|
||||
wifi_stack u:object_r:wifi_stack_service:s0
|
||||
window u:object_r:window_service:s0
|
||||
* u:object_r:default_android_service:s0
|
||||
|
|
|
|||
|
|
@ -21,7 +21,6 @@ allow vold_prepare_subdirs {
|
|||
rollback_data_file
|
||||
storaged_data_file
|
||||
vold_data_file
|
||||
wifi_data_file
|
||||
}:dir { create_dir_perms relabelto };
|
||||
allow vold_prepare_subdirs {
|
||||
backup_data_file
|
||||
|
|
@ -32,7 +31,6 @@ allow vold_prepare_subdirs {
|
|||
storaged_data_file
|
||||
system_data_file
|
||||
vold_data_file
|
||||
wifi_data_file
|
||||
}:file { getattr unlink };
|
||||
|
||||
dontaudit vold_prepare_subdirs { proc unlabeled }:file r_file_perms;
|
||||
|
|
|
|||
|
|
@ -364,7 +364,7 @@ allow appdomain zygote_tmpfs:file { map read };
|
|||
###
|
||||
|
||||
# Superuser capabilities.
|
||||
# bluetooth/wifi requires net_admin and wake_alarm. network stack app requires net_admin.
|
||||
# bluetooth requires net_admin and wake_alarm. network stack app requires net_admin.
|
||||
neverallow { appdomain -bluetooth -network_stack } self:capability_class_set *;
|
||||
|
||||
# Block device access.
|
||||
|
|
@ -488,8 +488,9 @@ neverallow appdomain
|
|||
neverallow appdomain
|
||||
systemkeys_data_file:dir_file_class_set
|
||||
{ create write setattr relabelfrom relabelto append unlink link rename };
|
||||
neverallow { appdomain -network_stack }
|
||||
wifi_data_file:dir_file_class_set *;
|
||||
neverallow appdomain
|
||||
wifi_data_file:dir_file_class_set
|
||||
{ create write setattr relabelfrom relabelto append unlink link rename };
|
||||
neverallow appdomain
|
||||
dhcp_data_file:dir_file_class_set
|
||||
{ create write setattr relabelfrom relabelto append unlink link rename };
|
||||
|
|
@ -512,7 +513,7 @@ neverallow appdomain
|
|||
proc:dir_file_class_set write;
|
||||
|
||||
# Access to syslog(2) or /proc/kmsg.
|
||||
neverallow { appdomain userdebug_or_eng(`-network_stack') } kernel:system { syslog_read syslog_mod syslog_console };
|
||||
neverallow appdomain kernel:system { syslog_read syslog_mod syslog_console };
|
||||
|
||||
# SELinux is not an API for apps to use
|
||||
neverallow { appdomain -shell } *:security { compute_av check_context };
|
||||
|
|
|
|||
|
|
@ -186,7 +186,6 @@ type webviewupdate_service, app_api_service, ephemeral_app_api_service, system_s
|
|||
type wifip2p_service, app_api_service, system_server_service, service_manager_type;
|
||||
type wifiscanner_service, system_api_service, system_server_service, service_manager_type;
|
||||
type wifi_service, app_api_service, system_server_service, service_manager_type;
|
||||
type wifi_stack_service, system_server_service, service_manager_type;
|
||||
type wificond_service, service_manager_type;
|
||||
type wifiaware_service, app_api_service, system_server_service, service_manager_type;
|
||||
type window_service, system_api_service, system_server_service, service_manager_type;
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@ type wificond_exec, system_file_type, exec_type, file_type;
|
|||
|
||||
binder_use(wificond)
|
||||
binder_call(wificond, system_server)
|
||||
binder_call(wificond, network_stack)
|
||||
|
||||
add_service(wificond, wificond_service)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue