tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Allow all Apps to Recv UDP Sockets from SystemServer" into tm-dev

Browse source
This commit is contained in:
Rubin Xu 2022-07-07 21:00:53 +00:00 committed by Android (Google) Code Review
commit 8fc9b04967
2 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
prebuilts/api/33.0/private/app.te
View file

@ -75,6 +75,11 @@ dontaudit appdomain vendor_default_prop:file read;
# Access to /mnt/media_rw/<vol> (limited by DAC to apps with external_storage gid)
allow { appdomain -sdk_sandbox } mnt_media_rw_file:dir search;
# allow apps to use UDP sockets provided by the system server but not
# modify them other than to connect
allow appdomain system_server:udp_socket {
connect getattr read recvfrom sendto write getopt setopt };
neverallow appdomain system_server:udp_socket {
accept append bind create ioctl listen lock name_bind
relabelfrom relabelto setattr shutdown };

5
private/app.te
View file

@ -75,6 +75,11 @@ dontaudit appdomain vendor_default_prop:file read;
# Access to /mnt/media_rw/<vol> (limited by DAC to apps with external_storage gid)
allow { appdomain -sdk_sandbox } mnt_media_rw_file:dir search;
# allow apps to use UDP sockets provided by the system server but not
# modify them other than to connect
allow appdomain system_server:udp_socket {
connect getattr read recvfrom sendto write getopt setopt };
neverallow appdomain system_server:udp_socket {
accept append bind create ioctl listen lock name_bind
relabelfrom relabelto setattr shutdown };