tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/wpa.te
Riley Spahn 1196d2a576 Adding policies for KeyStore MAC. 
Add keystore_key class and an action for each action supported
by keystore. Add policies that replicate the access control that
already exists in keystore. Add auditallow rules for actions
not known to be used frequently. Add macro for those domains
wishing to access keystore.

Change-Id: Iddd8672b9e9b72b45ee208e6eda608cc9dc61edc
2014-06-26 08:53:10 -07:00

39 lines
1.1 KiB
Text
Raw Blame History

# wpa - wpa supplicant or equivalent
type wpa, domain;
type wpa_exec, exec_type, file_type;
init_daemon_domain(wpa)
net_domain(wpa)
allow wpa kernel:system module_request;
allow wpa self:capability { setuid net_admin setgid net_raw };
allow wpa cgroup:dir create_dir_perms;
allow wpa self:netlink_route_socket nlmsg_write;
allow wpa self:netlink_socket create_socket_perms;
allow wpa self:packet_socket create_socket_perms;
allow wpa wifi_data_file:dir create_dir_perms;
allow wpa wifi_data_file:file create_file_perms;
unix_socket_send(wpa, system_wpa, system_server)
binder_use(wpa)
# Create a socket for receiving info from wpa
type_transition wpa wifi_data_file:dir wpa_socket "sockets";
allow wpa wpa_socket:dir create_dir_perms;
allow wpa wpa_socket:sock_file create_file_perms;
use_keystore(wpa)
# WPA (wifi) has a restricted set of permissions from the default.
allow wpa keystore:keystore_key {
get
sign
verify
};
# Allow wpa_cli to work. wpa_cli creates a socket in
# /data/misc/wifi/sockets which wpa supplicant communicates with.
userdebug_or_eng(`
unix_socket_send(wpa, wpa, su)
')
Reference in a new issue View git blame Copy permalink