Fix wificond permissions for hikey

Newer kernels apparently introduce a new SELinux label
"netlink_generic_socket".

AOSP is missing some patches for ioctl whitelisting and
it was suggested we add unpriv_socket_ioctls as a stopgap.

Bug: 31226503
Change-Id: Ie4dd499925f74747c0247e5d7ad0de0f673b5ed2
Christopher Wiley 2016-08-31 17:46:42 -07:00
parent 31e646074c
commit cd8e8d2bbb

@ -19,11 +19,15 @@ set_prop(wificond, ctl_default_prop)
# create sockets to set interfaces up and down
allow wificond self:udp_socket create_socket_perms;
# See discussion in b/31226503
allowxperm wificond self:udp_socket ioctl unpriv_sock_ioctls;
# setting interface state up/down is a privileged ioctl
allowxperm wificond self:udp_socket ioctl { SIOCSIFFLAGS };
allow wificond self:capability { net_admin net_raw };
# allow wificond to speak to nl80211 in the kernel
allow wificond self:netlink_socket create_socket_perms;
# newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets
allow wificond self:netlink_generic_socket create_socket_perms;
r_dir_file(wificond, proc_net)
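
Review bot: The comment above `allowxperm wificond self:udp_socket ioctl unpriv_sock_ioctls;` only points at b/31226503 and does not say the rule is a stopgap, although the commit message describes it as one. Suggest spelling that out next to the rule, for example `# TODO(b/31226503): stopgap until the ioctl whitelisting patches land; narrow afterwards`, so the wider ioctl grant beside `{ SIOCSIFFLAGS }` is revisited rather than kept by default. The commit message also names the macro `unpriv_socket_ioctls` while the rule uses `unpriv_sock_ioctls`; the two should agree. For the `netlink_generic_socket` rule, the comment could state that the existing `netlink_socket` rule stays for kernels without the new class (it mentions 4.1), so a later cleanup does not drop either line by mistake.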