diff options
| author | codeworkx <daniel.hillenbrand@codeworkx.de> | 2018-01-07 12:12:17 +0100 | 
|---|---|---|
| committer | Davide Garberi <dade.garberi@gmail.com> | 2018-01-07 17:17:05 +0100 | 
| commit | 39d37460e00490ba0f44f77f27f66a012c10df6f (patch) | |
| tree | 0f4c8f909bbcc078ad24249ec0a9ca3fcf6d0d96 | |
| parent | 84dacdabe8bd5e2290fb0a045c4a247b284144fb (diff) | |
msm8996: selinux: label wcnss_filter and fix denial
Change-Id: Ic41316e00c52672a6f8ff245fdba844fd9546ea7
Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
| -rwxr-xr-x | rootdir/etc/init.qcom.rc | 3 | ||||
| -rw-r--r-- | sepolicy/bluetooth.te | 1 | ||||
| -rw-r--r-- | sepolicy/file_contexts | 1 | ||||
| -rw-r--r-- | sepolicy/hal_bluetooth_default.te | 1 | 
4 files changed, 5 insertions, 1 deletions
| diff --git a/rootdir/etc/init.qcom.rc b/rootdir/etc/init.qcom.rc index 3a21016..5e7120d 100755 --- a/rootdir/etc/init.qcom.rc +++ b/rootdir/etc/init.qcom.rc @@ -775,7 +775,7 @@ service start_hci_filter /system/bin/wcnss_filter      class late_start      user bluetooth      group bluetooth diag system wakelock -    seclabel u:r:bluetooth:s0 +    seclabel u:r:wcnss_filter:s0      disabled  on property:wc_transport.start_root=true @@ -800,6 +800,7 @@ service hci_filter_root /system/bin/wcnss_filter      class late_start      user bluetooth      group bluetooth diag system +    seclabel u:r:wcnss_filter:s0      disabled  service ftmd /system/bin/logwrapper /system/bin/ftmdaemon diff --git a/sepolicy/bluetooth.te b/sepolicy/bluetooth.te new file mode 100644 index 0000000..0f173e1 --- /dev/null +++ b/sepolicy/bluetooth.te @@ -0,0 +1 @@ +allow bluetooth wcnss_filter:unix_stream_socket { connectto }; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 1b368ba..bc44d4c 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -31,6 +31,7 @@  /system/bin/port-bridge                                         u:object_r:port-bridge_exec:s0  /system/bin/time_daemon                                         u:object_r:time_daemon_exec:s0  /system/bin/cnss-daemon                                         u:object_r:wcnss_service_exec:s0 +/system/bin/wcnss_filter                                        u:object_r:wcnss_filter_exec:s0  # modemst1  /dev/block/mmcblk0p37                                           u:object_r:modem_efs_partition_device:s0 diff --git a/sepolicy/hal_bluetooth_default.te b/sepolicy/hal_bluetooth_default.te index e60f709..d7266e1 100644 --- a/sepolicy/hal_bluetooth_default.te +++ b/sepolicy/hal_bluetooth_default.te @@ -1,2 +1,3 @@  allow hal_bluetooth_default bluetooth_data_file:dir search;  allow hal_bluetooth_default bluetooth_data_file:file { append getattr open read write }; +allow hal_bluetooth_default wcnss_filter:unix_stream_socket { connectto }; | 
