76aab82cb3
This attribute is being actively removed from policy. Since attributes are not being versioned, partners must not be able to access and use this attribute. Move it from private and verify in the logs that rild and tee are not using these permissions. Bug: 38316109 Test: build and boot Marlin Test: Verify that rild and tee are not being granted any of these permissions. Change-Id: I31beeb5bdf3885195310b086c1af3432dc6a349b
23 lines
669 B
Text
23 lines
669 B
Text
# Point to Point Protocol daemon
|
|
type ppp, domain;
|
|
type ppp_device, dev_type;
|
|
type ppp_exec, exec_type, file_type;
|
|
|
|
net_domain(ppp)
|
|
|
|
r_dir_file(ppp, proc_net)
|
|
|
|
allow ppp mtp:socket rw_socket_perms;
|
|
|
|
# ioctls needed for VPN.
|
|
allowxperm ppp self:udp_socket ioctl priv_sock_ioctls;
|
|
allowxperm ppp mtp:socket ioctl ppp_ioctls;
|
|
|
|
allow ppp mtp:unix_dgram_socket rw_socket_perms;
|
|
allow ppp ppp_device:chr_file rw_file_perms;
|
|
allow ppp self:capability net_admin;
|
|
allow ppp system_file:file rx_file_perms;
|
|
not_full_treble(`allow ppp vendor_file:file rx_file_perms;')
|
|
allow ppp vpn_data_file:dir w_dir_perms;
|
|
allow ppp vpn_data_file:file create_file_perms;
|
|
allow ppp mtp:fd use;
|