tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

am fee49159: Align SELinux property policy with init property_perms.

Browse source 
* commit 'fee49159e760162b0e8ee5a4590c50a65b8e322f':
  Align SELinux property policy with init property_perms.
This commit is contained in:
Stephen Smalley 2014-06-23 20:59:38 +00:00 committed by Android Git Automerger
commit 492312434f
11 changed files with 37 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
dhcp.te
View file

@ -13,7 +13,7 @@ allow dhcp shell_exec:file rx_file_perms;
allow dhcp system_file:file rx_file_perms;
# For /proc/sys/net/ipv4/conf/*/promote_secondaries
allow dhcp proc_net:file write;
allow dhcp system_prop:property_service set ;
allow dhcp dhcp_prop:property_service set;
allow dhcp pan_result_prop:property_service set;
unix_socket_connect(dhcp, property, init)

3
init.te
View file

@ -86,6 +86,9 @@ allow init self:process { setexec setfscreate setsockcreate };
allow init property_data_file:dir create_dir_perms;
allow init property_data_file:file create_file_perms;
# Set any property.
allow init property_type:property_service set;
# Run "ifup lo" to bring up the localhost interface
allow init self:udp_socket { create ioctl };

2
netd.te
View file

@ -31,7 +31,9 @@ allow netd sysfs:file write;
# Set dhcp lease for PAN connection
unix_socket_connect(netd, property, init)
allow netd dhcp_prop:property_service set;
allow netd system_prop:property_service set;
auditallow netd system_prop:property_service set;
# Connect to PAN
domain_auto_trans(netd, dhcp_exec, dhcp)

4
property.te
View file

@ -2,10 +2,12 @@ type default_prop, property_type;
type shell_prop, property_type;
type debug_prop, property_type;
type debuggerd_prop, property_type;
type dhcp_prop, property_type;
type radio_prop, property_type;
type net_radio_prop, property_type;
type system_radio_prop, property_type;
type system_prop, property_type;
type vold_prop, property_type;
type rild_prop, property_type;
type ctl_bootanim_prop, property_type;
type ctl_default_prop, property_type;
type ctl_dhcp_pan_prop, property_type;

22
property_contexts
View file

@ -2,19 +2,17 @@
# property service keys
#
#
net.rmnet u:object_r:radio_prop:s0
net.gprs u:object_r:radio_prop:s0
net.ppp u:object_r:radio_prop:s0
net.qmi u:object_r:radio_prop:s0
net.lte u:object_r:radio_prop:s0
net.cdma u:object_r:radio_prop:s0
net.rmnet u:object_r:net_radio_prop:s0
net.gprs u:object_r:net_radio_prop:s0
net.ppp u:object_r:net_radio_prop:s0
net.qmi u:object_r:net_radio_prop:s0
net.lte u:object_r:net_radio_prop:s0
net.cdma u:object_r:net_radio_prop:s0
net.dns u:object_r:net_radio_prop:s0
sys.usb.config u:object_r:system_radio_prop:s0
ril. u:object_r:radio_prop:s0
gsm. u:object_r:radio_prop:s0
persist.radio u:object_r:radio_prop:s0
net.dns u:object_r:radio_prop:s0
sys.usb.config u:object_r:radio_prop:s0
ril. u:object_r:rild_prop:s0
ril.cdma u:object_r:radio_prop:s0
net. u:object_r:system_prop:s0
dev. u:object_r:system_prop:s0
@ -24,7 +22,7 @@ sys. u:object_r:system_prop:s0
sys.powerctl u:object_r:powerctl_prop:s0
service. u:object_r:system_prop:s0
wlan. u:object_r:system_prop:s0
dhcp. u:object_r:system_prop:s0
dhcp. u:object_r:dhcp_prop:s0
dhcp.bt-pan.result u:object_r:pan_result_prop:s0
bluetooth. u:object_r:bluetooth_prop:s0

4
radio.te
View file

@ -19,6 +19,10 @@ allow radio alarm_device:chr_file rw_file_perms;
# Property service
allow radio radio_prop:property_service set;
allow radio net_radio_prop:property_service set;
allow radio system_radio_prop:property_service set;
auditallow radio net_radio_prop:property_service set;
auditallow radio system_radio_prop:property_service set;
# ctl interface
allow radio ctl_rildaemon_prop:property_service set;

3
recovery.te
View file

@ -77,6 +77,9 @@ recovery_only(`
allow recovery powerctl_prop:property_service set;
unix_socket_connect(recovery, property, init)
# Start/stop adbd via ctl.start adbd
allow recovery ctl_default_prop:property_service set;
# Use setfscreatecon() to label files for OTA updates.
allow recovery self:process setfscreate;

5
rild.te
View file

@ -26,8 +26,11 @@ allow rild system_data_file:file r_file_perms;
allow rild system_file:file x_file_perms;
# property service
allow rild rild_prop:property_service set;
allow rild radio_prop:property_service set;
allow rild net_radio_prop:property_service set;
allow rild system_radio_prop:property_service set;
auditallow rild net_radio_prop:property_service set;
auditallow rild system_radio_prop:property_service set;
# Read/Write to uart driver (for GPS)
allow rild gps_device:chr_file rw_file_perms;

5
system_app.te
View file

@ -30,7 +30,10 @@ allow system_app dalvikcache_data_file:file { write setattr };
# Write to properties
unix_socket_connect(system_app, property, init)
allow system_app debug_prop:property_service set;
allow system_app radio_prop:property_service set;
allow system_app net_radio_prop:property_service set;
allow system_app system_radio_prop:property_service set;
auditallow system_app net_radio_prop:property_service set;
auditallow system_app system_radio_prop:property_service set;
allow system_app system_prop:property_service set;
allow system_app ctl_bugreport_prop:property_service set;
allow system_app logd_prop:property_service set;

4
system_server.te
View file

@ -271,7 +271,9 @@ allow system_server anr_data_file:dir relabelto;
# Property Service write
allow system_server system_prop:property_service set;
allow system_server radio_prop:property_service set;
allow system_server dhcp_prop:property_service set;
allow system_server net_radio_prop:property_service set;
allow system_server system_radio_prop:property_service set;
allow system_server debug_prop:property_service set;
allow system_server powerctl_prop:property_service set;

1
unconfined.te
View file

@ -109,4 +109,3 @@ allow unconfineddomain node_type:node *;
allow unconfineddomain netif_type:netif *;
allow unconfineddomain domain:peer recv;
allow unconfineddomain { domain -init }:binder { call transfer set_context_mgr };
allow unconfineddomain { property_type -security_prop }:property_service set;