f627e5581c
Relabeling /vendor and /system/vendor to vendor_file removed
previously granted permissions. Restore these for non-treble devices.
Addresses:
avc: denied { execute_no_trans } for pid=2944 comm="dumpstate"
path="/system/vendor/bin/wpa_cli" dev="mmcblk0p10" ino=1929
scontext=u:r:dumpstate:s0 tcontext=u:object_r:vendor_file:s0
tclass=file
And potentially some other bugs that have yet to surface.
Bug: 37105075
Test: build Fugu
Change-Id: I8e7bd9c33819bf8206f7c110cbce72366afbcef8
23 lines
688 B
Text
23 lines
688 B
Text
# Point to Point Protocol daemon
|
|
type ppp, domain, domain_deprecated;
|
|
type ppp_device, dev_type;
|
|
type ppp_exec, exec_type, file_type;
|
|
|
|
net_domain(ppp)
|
|
|
|
r_dir_file(ppp, proc_net)
|
|
|
|
allow ppp mtp:socket rw_socket_perms;
|
|
|
|
# ioctls needed for VPN.
|
|
allowxperm ppp self:udp_socket ioctl priv_sock_ioctls;
|
|
allowxperm ppp mtp:socket ioctl ppp_ioctls;
|
|
|
|
allow ppp mtp:unix_dgram_socket rw_socket_perms;
|
|
allow ppp ppp_device:chr_file rw_file_perms;
|
|
allow ppp self:capability net_admin;
|
|
allow ppp system_file:file rx_file_perms;
|
|
not_full_treble(`allow ppp vendor_file:file rx_file_perms;')
|
|
allow ppp vpn_data_file:dir w_dir_perms;
|
|
allow ppp vpn_data_file:file create_file_perms;
|
|
allow ppp mtp:fd use;
|