5b557888dd
Sharing data folders by path will be disallowed because it violates
the approved API between platform and vendor components tested by
VTS. Move all violating permissions from core selinux policy to
device specific policy so that we can exempt existing devices from
the ban and enforce it on new devices.
Bug: 34980020
Test: Move permissions. Build and test wifi, wifi AP, nfc, fingerprint
and Play movies on Marlin and Taimen.
Test: build on Angler, Bullhead, Dragon, Fugu, Marlin, Walleye
(cherry picked from commit ba2130a882)
Change-Id: Iaedbbe31237822cf3348209028bba45ad85465f8
23 lines
875 B
Text
23 lines
875 B
Text
# userspace wifi access points
|
|
type hostapd, domain;
|
|
type hostapd_exec, exec_type, vendor_file_type, file_type;
|
|
|
|
init_daemon_domain(hostapd)
|
|
|
|
net_domain(hostapd)
|
|
allow hostapd self:global_capability_class_set { net_admin net_raw };
|
|
|
|
# hostapd learns about its network interface via sysfs.
|
|
allow hostapd sysfs:file r_file_perms;
|
|
# hostapd follows the /sys/class/net/wlan0 link to the PCI device.
|
|
allow hostapd sysfs:lnk_file r_file_perms;
|
|
|
|
# Allow hostapd to access /proc/net/psched
|
|
allow hostapd proc_net:file { getattr open read };
|
|
|
|
# Various socket permissions.
|
|
allowxperm hostapd self:udp_socket ioctl priv_sock_ioctls;
|
|
allow hostapd self:netlink_socket create_socket_perms_no_ioctl;
|
|
allow hostapd self:netlink_generic_socket create_socket_perms_no_ioctl;
|
|
allow hostapd self:packet_socket create_socket_perms_no_ioctl;
|
|
allow hostapd self:netlink_route_socket nlmsg_write;
|