Skip to content
Snippets Groups Projects
Normal view Permalink
wpa_supplicant.te 754 B
Newer Older
  • Learn to ignore specific revisions
    • Stephen Smalley's avatar
    SE Android policy.
    Stephen Smalley committed
    1 2 
    # wpa - wpa supplicant or equivalent
type wpa, domain;
    Stephen Smalley's avatar
    Confine wpa_supplicant, but leave it permissive for now.  
    Stephen Smalley committed
    3 
    permissive wpa;
    Stephen Smalley's avatar
    SE Android policy.
    Stephen Smalley committed
    4 5 6 
    type wpa_exec, exec_type, file_type;

init_daemon_domain(wpa)
    Stephen Smalley's avatar
    Confine wpa_supplicant, but leave it permissive for now.  
    Stephen Smalley committed
    7 8 9 10 11 12 13 14 15 16 17 18 19 
    allow wpa kernel:system module_request;
allow wpa self:capability { setuid net_admin setgid net_raw };
allow wpa cgroup:dir create_dir_perms;
allow wpa self:netlink_route_socket *;
allow wpa self:netlink_socket *;
allow wpa self:packet_socket *;
allow wpa self:udp_socket *;
allow wpa wifi_data_file:dir create_dir_perms;
allow wpa wifi_data_file:file create_file_perms;
unix_socket_send(wpa, system_wpa, system_server)
allow wpa random_device:chr_file r_file_perms;

# Create a socket for receiving info from wpa
    rpcraig's avatar
    Additions for grouper/JB  
    rpcraig committed
    20 
    type_transition wpa wifi_data_file:sock_file wpa_socket;
    Stephen Smalley's avatar
    Confine wpa_supplicant, but leave it permissive for now.  
    Stephen Smalley committed
    21 
    allow wpa wpa_socket:sock_file create_file_perms;