tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add selinux policy for legacy Wifi HAL

Browse source 
avc: denied { call } for scontext=u:r:wificond:s0 tcontext=u:r:hwservicemanager:s0 tclass=binder permissive=1
avc: denied { call } for scontext=u:r:wificond:s0 tcontext=u:r:wifi_hal_legacy:s0 tclass=binder permissive=1

avc: denied { bind } for scontext=u:r:wifi_hal_legacy:s0 tcontext=u:r:wifi_hal_legacy:s0 tclass=netlink_socket permissive=1
avc: denied { call } for scontext=u:r:wifi_hal_legacy:s0 tcontext=u:r:hwservicemanager:s0 tclass=binder permissive=1
avc: denied { create } for scontext=u:r:wifi_hal_legacy:s0 tcontext=u:r:wifi_hal_legacy:s0 tclass=netlink_socket permissive=1
avc: denied { create } for scontext=u:r:wifi_hal_legacy:s0 tcontext=u:r:wifi_hal_legacy:s0 tclass=udp_socket permissive=1
avc: denied { getattr } for path="/proc/4355/net/psched" dev="proc" ino=4026535370 scontext=u:r:wifi_hal_legacy:s0 tcontext=u:object_r:proc_net:s0 tclass=file permissive=1
avc: denied { getattr } for scontext=u:r:wifi_hal_legacy:s0 tcontext=u:r:wifi_hal_legacy:s0 tclass=netlink_socket permissive=1
avc: denied { ioctl } for path="socket:[28193]" dev="sockfs" ino=28193 ioctlcmd=8933 scontext=u:r:wifi_hal_legacy:s0 tcontext=u:r:wifi_hal_legacy:s0 tclass=udp_socket permissive=1
avc: denied { ioctl } for path="socket:[34821]" dev="sockfs" ino=34821 ioctlcmd=8933 scontext=u:r:wifi_hal_legacy:s0 tcontext=u:r:wifi_hal_legacy:s0 tclass=udp_socket permissive=1
avc: denied { net_admin } for capability=12 scontext=u:r:wifi_hal_legacy:s0 tcontext=u:r:wifi_hal_legacy:s0 tclass=capability permissive=1
avc: denied { net_raw } for capability=13 scontext=u:r:wifi_hal_legacy:s0 tcontext=u:r:wifi_hal_legacy:s0 tclass=capability permissive=1
avc: denied { open } for path="/proc/2754/net/psched" dev="proc" ino=4026535377 scontext=u:r:wifi_hal_legacy:s0 tcontext=u:object_r:proc_net:s0 tclass=file permissive=1
avc: denied { open } for path="/sys/class/net" dev="sysfs" ino=10488 scontext=u:r:wifi_hal_legacy:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=1
avc: denied { read } for name="net" dev="sysfs" ino=10488 scontext=u:r:wifi_hal_legacy:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=1
avc: denied { read } for name="psched" dev="proc" ino=4026535370 scontext=u:r:wifi_hal_legacy:s0 tcontext=u:object_r:proc_net:s0 tclass=file permissive=1
avc: denied { read } for scontext=u:r:wifi_hal_legacy:s0 tcontext=u:r:wifi_hal_legacy:s0 tclass=netlink_socket permissive=1
avc: denied { setopt } for scontext=u:r:wifi_hal_legacy:s0 tcontext=u:r:wifi_hal_legacy:s0 tclass=netlink_socket permissive=1
avc: denied { transfer } for scontext=u:r:wifi_hal_legacy:s0 tcontext=u:r:hwservicemanager:s0 tclass=binder permissive=1
avc: denied { write } for scontext=u:r:wifi_hal_legacy:s0 tcontext=u:r:wifi_hal_legacy:s0 tclass=netlink_socket permissive=1
avc: denied { create } for scontext=u:r:wifi_hal_legacy:s0 tcontext=u:r:wifi_hal_legacy:s0 tclass=netlink_socket permissive=0
avc: denied { net_admin } for capability=12 scontext=u:r:wifi_hal_legacy:s0 tcontext=u:r:wifi_hal_legacy:s0 tclass=capability permissive=0
avc: denied { read } for name="net" dev="sysfs" ino=9862 scontext=u:r:wifi_hal_legacy:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0
avc: denied { create } for scontext=u:r:wifi_hal_legacy:s0 tcontext=u:r:wifi_hal_legacy:s0 tclass=udp_socket permissive=0

Bug: 31352200
Test: can boot angler & bullhead and start/stop HAL repeatedly
Change-Id: Ide93730d362fb93602742fc10b22fff6e7d56f6b
This commit is contained in:
Mitchell Wills 2016-09-16 12:17:10 -07:00
parent a45672614d
commit a18b41e752
3 changed files with 27 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
file_contexts
View file

@ -215,6 +215,8 @@
/system/bin/idmap u:object_r:idmap_exec:s0 /system/bin/idmap u:object_r:idmap_exec:s0
/system/bin/update_engine u:object_r:update_engine_exec:s0 /system/bin/update_engine u:object_r:update_engine_exec:s0
/system/bin/bspatch u:object_r:update_engine_exec:s0 /system/bin/bspatch u:object_r:update_engine_exec:s0
/system/bin/hw/wifi_hal_legacy u:object_r:wifi_hal_legacy_exec:s0
############################# #############################
# Vendor files # Vendor files

22
wifi_hal_legacy.te Normal file
View file

@ -0,0 +1,22 @@
# wifi legacy hal
type wifi_hal_legacy, domain;
type wifi_hal_legacy_exec, exec_type, file_type;
# may be started by init
init_daemon_domain(wifi_hal_legacy)
## hwbinder access
hwbinder_use(wifi_hal_legacy)
## call into wificond process (callbacks)
binder_call(wifi_hal_legacy, wificond)
r_dir_file(wifi_hal_legacy, proc_net)
r_dir_file(wifi_hal_legacy, sysfs_type)
allow wifi_hal_legacy self:udp_socket create_socket_perms;
allow wifi_hal_legacy self:capability { net_admin net_raw };
# allow wifi_hal_legacy to speak to nl80211 in the kernel
allow wifi_hal_legacy self:netlink_socket create_socket_perms_no_ioctl;
# newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets
allow wifi_hal_legacy self:netlink_generic_socket create_socket_perms_no_ioctl;

3
wificond.te
View file

@ -8,6 +8,9 @@ binder_use(wificond)
binder_call(wificond, system_server) binder_call(wificond, system_server)
binder_call(wificond, wpa) binder_call(wificond, wpa)
hwbinder_use(wificond)
binder_call(wificond, wifi_hal_legacy)
allow wificond wificond_service:service_manager { add find }; allow wificond wificond_service:service_manager { add find };
# wificond writes firmware paths to this file. # wificond writes firmware paths to this file.