Merge "Revert /proc/net related changes"
commit
d99ea5a8af
12 changed files with 4 additions and 16 deletions
1
app.te
1
app.te
|
@ -83,7 +83,6 @@ allow appdomain dumpstate:unix_stream_socket { read write getopt getattr shutdow
|
|||
allow appdomain shell_data_file:file { write getattr };
|
||||
|
||||
# Write to /proc/net/xt_qtaguid/ctrl file.
|
||||
allow appdomain proc_net:dir search;
|
||||
allow appdomain qtaguid_proc:file rw_file_perms;
|
||||
# Everybody can read the xt_qtaguid resource tracking misc dev.
|
||||
# So allow all apps to read from /dev/xt_qtaguid.
|
||||
|
|
1
clatd.te
1
clatd.te
|
@ -15,7 +15,6 @@ allow clatd netd:udp_socket { read write };
|
|||
allow clatd netd:unix_stream_socket { read write };
|
||||
allow clatd netd:unix_dgram_socket { read write };
|
||||
|
||||
r_dir_file(clatd, proc_net)
|
||||
allow clatd self:capability { net_admin net_raw setuid setgid };
|
||||
|
||||
allow clatd self:netlink_route_socket nlmsg_write;
|
||||
|
|
3
dhcp.te
3
dhcp.te
|
@ -12,8 +12,7 @@ allow dhcp self:netlink_route_socket nlmsg_write;
|
|||
allow dhcp shell_exec:file rx_file_perms;
|
||||
allow dhcp system_file:file rx_file_perms;
|
||||
# For /proc/sys/net/ipv4/conf/*/promote_secondaries
|
||||
allow dhcp proc_net:file rw_file_perms;
|
||||
allow dhcp proc_net:dir r_dir_perms;
|
||||
allow dhcp proc_net:file write;
|
||||
allow dhcp dhcp_prop:property_service set;
|
||||
allow dhcp pan_result_prop:property_service set;
|
||||
unix_socket_connect(dhcp, property, init)
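Review bot: `allow dhcp proc_net:file write;` grants only `write`, so opening the file depends on an open/read grant that is not in this section, presumably the domain-wide `r_dir_file(domain, proc_net)` rule in a later hunk. The +/- markers are lost on this page, so which lines are new is inferred from the 8→7 hunk counts. The netd hunk has the same shape (`allow netd proc_net:file write;`), while the init hunk uses `w_file_perms` for the same purpose; one form should be used in all three. I would add a comment above the rule, e.g. `# write only; open/read come from the domain-wide proc_net grant`, so the dependency is not lost if that grant is narrowed later.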
|
||||
|
|
|
@ -145,9 +145,8 @@ r_dir_file(domain, sysfs)
|
|||
r_dir_file(domain, sysfs_devices_system_cpu)
|
||||
r_dir_file(domain, inotify)
|
||||
r_dir_file(domain, cgroup)
|
||||
r_dir_file(domain, proc_net)
|
||||
allow domain proc_cpuinfo:file r_file_perms;
|
||||
allow domain proc_net:dir search;
|
||||
allow domain proc_net_psched:file r_file_perms;
|
||||
|
||||
# debugfs access
|
||||
allow domain debugfs:dir r_dir_perms;
|
||||
|
|
|
@ -61,7 +61,6 @@ domain_auto_trans(dumpstate, vdc_exec, vdc)
|
|||
allow dumpstate sysfs:file w_file_perms;
|
||||
|
||||
# Other random bits of data we want to collect
|
||||
allow dumpstate proc_net:dir search;
|
||||
allow dumpstate qtaguid_proc:file r_file_perms;
|
||||
allow dumpstate debugfs:file r_file_perms;
|
||||
|
||||
|
|
1
file.te
1
file.te
|
@ -12,7 +12,6 @@ type qtaguid_proc, fs_type, mlstrustedobject;
|
|||
type proc_bluetooth_writable, fs_type;
|
||||
type proc_cpuinfo, fs_type;
|
||||
type proc_net, fs_type;
|
||||
type proc_net_psched, fs_type;
|
||||
type proc_sysrq, fs_type;
|
||||
type selinuxfs, fs_type, mlstrustedobject;
|
||||
type cgroup, fs_type, mlstrustedobject;
|
||||
|
|
|
@ -3,7 +3,6 @@ genfscon rootfs / u:object_r:rootfs:s0
|
|||
# proc labeling can be further refined (longest matching prefix).
|
||||
genfscon proc / u:object_r:proc:s0
|
||||
genfscon proc /net u:object_r:proc_net:s0
|
||||
genfscon proc /net/psched u:object_r:proc_net_psched:s0
|
||||
genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid_proc:s0
|
||||
genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
|
||||
genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
|
||||
|
|
3
init.te
3
init.te
|
@ -124,8 +124,7 @@ allow init proc_security:file rw_file_perms;
|
|||
allow init proc:file w_file_perms;
|
||||
|
||||
# Write to /proc/sys/net/ping_group_range and other /proc/sys/net files.
|
||||
allow init proc_net:file rw_file_perms;
|
||||
allow init proc_net:dir r_dir_perms;
|
||||
allow init proc_net:file w_file_perms;
|
||||
allow init self:capability net_admin;
|
||||
|
||||
# Write to /proc/sysrq-trigger.
|
||||
|
|
|
@ -61,7 +61,6 @@ allow mediaserver audio_data_file:dir ra_dir_perms;
|
|||
allow mediaserver audio_data_file:file create_file_perms;
|
||||
|
||||
# Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid
|
||||
allow mediaserver proc_net:dir search;
|
||||
allow mediaserver qtaguid_proc:file rw_file_perms;
|
||||
allow mediaserver qtaguid_device:chr_file r_file_perms;
|
||||
|
||||
|
|
3
netd.te
3
netd.te
|
@ -24,8 +24,7 @@ allow netd system_file:file x_file_perms;
|
|||
allow netd devpts:chr_file rw_file_perms;
|
||||
|
||||
# For /proc/sys/net/ipv[46]/route/flush.
|
||||
allow netd proc_net:file rw_file_perms;
|
||||
allow netd proc_net:dir r_dir_perms;
|
||||
allow netd proc_net:file write;
|
||||
|
||||
# For /sys/modules/bcmdhd/parameters/firmware_path
|
||||
# XXX Split into its own type.
|
||||
|
|
1
radio.te
1
radio.te
|
@ -17,7 +17,6 @@ allow radio radio_data_file:notdevfile_class_set create_file_perms;
|
|||
|
||||
allow radio alarm_device:chr_file rw_file_perms;
|
||||
|
||||
r_dir_file(radio, proc_net)
|
||||
allow radio net_data_file:dir search;
|
||||
allow radio net_data_file:file r_file_perms;
|
||||
|
||||
|
|
|
@ -91,7 +91,6 @@ allow system_server appdomain:file write;
|
|||
# Read/Write to /proc/net/xt_qtaguid/ctrl and and /dev/xt_qtaguid.
|
||||
allow system_server qtaguid_proc:file rw_file_perms;
|
||||
allow system_server qtaguid_device:chr_file rw_file_perms;
|
||||
r_dir_file(system_server, proc_net)
|
||||
|
||||
# Write to /proc/sysrq-trigger.
|
||||
allow system_server proc_sysrq:file rw_file_perms;
|
||||
|
|