authorSandeep Patil <sspatil@google.com>2017-04-14 17:49:05 -0700
committerCosme Domínguez Díaz <cosme.ddiaz@gmail.com>2018-04-09 01:31:37 +0200
commit654ffe0d79d75db93f3dab124386fcae92eacfd3 (patch)
tree6867b1b5167bf073439f4e33fcfc33d560fadf76 /sepolicy/netutils_wrapper.te
parentda427996570c7ec070e61d191e0fc8d0db778bcf (diff)
netmgrd: use netutils_wrappers
Add required permissions for netmgrd to use the new netutils wrappers Bug: 36463595 Test: boot sailfish, test LTE, wifi, wifi calling and phone calls work Change-Id: I5894ee2659f97fce4f4f2b16c54c10f42484b454 Signed-off-by: Sandeep Patil <sspatil@google.com>
Diffstat (limited to 'sepolicy/netutils_wrapper.te')
-rw-r--r--sepolicy/netutils_wrapper.te17
1 files changed, 17 insertions, 0 deletions
diff --git a/sepolicy/netutils_wrapper.te b/sepolicy/netutils_wrapper.te
new file mode 100644
index 0000000..963d47b
--- /dev/null
+++ b/sepolicy/netutils_wrapper.te
@@ -0,0 +1,17 @@
+# For netutils to be able to write their stdout stderr to the pipes opened by netmgrd
+allow netutils_wrapper netmgrd:fd use;
+allow netutils_wrapper netmgrd:fifo_file { getattr read write append };
+
+# netmgrd opens files without o_CLOEXEC and fork_execs the netutils wrappers
+# this results in all file (fd) permissions being audited for access by netutils_wrapper
+# domain. Stop those audit messages flooding the kernel log.
+dontaudit netutils_wrapper netmgrd:udp_socket { getattr read write append };
+dontaudit netutils_wrapper diag_device:chr_file { getattr read write append ioctl };
+dontaudit netutils_wrapper netmgr_data_file:file { getattr read write append };
+dontaudit netutils_wrapper netmgrd:netlink_route_socket { getattr read write append };
+dontaudit netutils_wrapper netmgrd:netlink_socket { getattr read write append };
+dontaudit netutils_wrapper netmgrd:netlink_xfrm_socket { getattr read write append };
+dontaudit netutils_wrapper netmgrd:unix_stream_socket { getattr read write append };
+dontaudit netutils_wrapper sysfs_msm_subsys:file read;
+dontaudit netutils_wrapper netmgrd:tcp_socket { getattr read write append };
+dontaudit netutils_wrapper netmgrd:socket { read write };
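Review bot: The dontaudit block (from `netmgrd:udp_socket` through `netmgrd:socket`) hides denials on every descriptor netmgrd leaks across fork/exec, so access stays blocked but the audit log no longer shows it, including any attempt by the wrapper domain to use netmgrd's netlink, xfrm or diag handles. The comment above the block names the root cause (files opened without O_CLOEXEC, spelled `o_CLOEXEC` there), so the rules should be marked as a stopgap, for example `# TODO: remove these dontaudit rules once netmgrd opens its fds with O_CLOEXEC`. Separately, the allow on `netmgrd:fifo_file` grants `read` although its comment only describes writing stdout and stderr. If the wrappers never read from those pipes, `{ getattr write append }` would be the narrower grant.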