platform_system_sepolicy/public/mtp.te
Maciej Żenczykowski 8fa5ebdee7 mtp: support using pppox_socket family
Kernel commit da69a5306ab92e07224da54aafee8b1dccf024f6
("selinux: support distinctions among all network address families")
modified the kernel to support fine grain differentiation of socket
families, if userspace enables it (which Android does).

Modify the mtp SELinux policy to allow the use of pppox_socket
(needed for kernels 4.14 or greater) and the generic "socket" family
(for kernels below 4.14).

Bug: 130852066
Test: compiles
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I8ac4c2f98f823120060e51438b39254898f4a27e
2019-05-08 01:16:38 -07:00

# vpn tunneling protocol manager
type mtp, domain;
type mtp_exec, system_file_type, exec_type, file_type;
net_domain(mtp)
# pptp policy
allow mtp self:{ socket pppox_socket } create_socket_perms_no_ioctl;
allow mtp self:global_capability_class_set net_raw;
allow mtp ppp:process signal;
allow mtp vpn_data_file:dir search;
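
The commit message above describes two kernel behaviours: a PPPoX socket is checked against the pppox_socket class when fine-grained families are enabled, and against the generic socket class otherwise. The following is an added example, not part of the sepolicy tree, that audits allow rules for domains covering only one of the two. It assumes unexpanded (pre-m4) .te source, and the domains legacy_vpn and new_vpn are hypothetical.

```python
import re

# Constructed sample: the mtp rules are the ones in mtp.te above; legacy_vpn
# and new_vpn are hypothetical domains added to show the two failure cases.
SAMPLE_POLICY = """
allow mtp self:{ socket pppox_socket } create_socket_perms_no_ioctl;
allow mtp self:global_capability_class_set net_raw;
allow mtp ppp:process signal;
allow legacy_vpn self:socket create_socket_perms_no_ioctl;
allow new_vpn self:pppox_socket create_socket_perms_no_ioctl;
"""

# allow <source> <target>:<class | { classes }> <perm | { perms }>;
ALLOW_RE = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+?):\s*(\{[^}]*\}|\S+)\s+(\{[^}]*\}|[^;\s]+)\s*;",
    re.M,
)

def expand(token):
    """Turn 'a' or '{ a b }' into the set of names it lists."""
    return set(token.strip("{} ").split())

def self_classes(policy):
    """Map each source domain to every class it is allowed on self."""
    found = {}
    for src, tgt, classes, _perms in ALLOW_RE.findall(policy):
        if tgt == "self":
            found.setdefault(src, set()).update(expand(classes))
    return found

def coverage_gaps(policy, specific="pppox_socket"):
    """Return {domain: [kernel behaviours its rules do not cover]}."""
    gaps = {}
    for domain, classes in self_classes(policy).items():
        if not classes & {"socket", specific}:
            continue  # domain does not use this socket family at all
        missing = []
        if specific not in classes:
            missing.append("fine-grained classes (4.14 or greater)")
        if "socket" not in classes:
            missing.append("generic socket class (below 4.14)")
        if missing:
            gaps[domain] = missing
    return gaps

if __name__ == "__main__":
    for domain, missing in coverage_gaps(SAMPLE_POLICY).items():
        print(f"{domain}: not covered on {', '.join(missing)}")
```

The kernel version labels in the output repeat the split given in the commit message; mtp is not reported because its class set names both classes.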