Skip to content
Snippets Groups Projects
Commit 34a8d4c6 authored by rpcraig's avatar rpcraig Committed by Android Git Automerger
Browse files

am ff7e5305: Create policy for PAN connections. 

* commit 'ff7e5305':
  Create policy for PAN connections.
parents 83d80311 ff7e5305
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
bluetooth.te
+ 5
1
View file @ 34a8d4c6
...@@ -10,7 +10,7 @@ allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms; ...@@ -10,7 +10,7 @@ allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
r_dir_file(bluetooth, bluetooth_efs_file) r_dir_file(bluetooth, bluetooth_efs_file)
# Device accesses. # Device accesses.
allow bluetooth hci_attach_dev:chr_file rw_file_perms; allow bluetooth { tun_device uhid_device hci_attach_dev }:chr_file rw_file_perms;
allow bluetooth input_device:chr_file write; allow bluetooth input_device:chr_file write;
# sysfs access. # sysfs access.
...@@ -21,3 +21,7 @@ allow bluetooth self:capability net_admin; ...@@ -21,3 +21,7 @@ allow bluetooth self:capability net_admin;
# SELinux does not presently define a specific socket class for # SELinux does not presently define a specific socket class for
# bluetooth sockets, nor does it distinguish among the bluetooth protocols. # bluetooth sockets, nor does it distinguish among the bluetooth protocols.
allow bluetoothdomain self:socket *; allow bluetoothdomain self:socket *;
# tethering
allow bluetooth self:{ tun_socket udp_socket } { ioctl create };
allow bluetooth efs_file:dir search;
dhcp.te
+ 8
0
View file @ 34a8d4c6
...@@ -22,3 +22,11 @@ unix_socket_connect(dhcp, property, init) ...@@ -22,3 +22,11 @@ unix_socket_connect(dhcp, property, init)
type_transition dhcp system_data_file:{ dir file } dhcp_data_file; type_transition dhcp system_data_file:{ dir file } dhcp_data_file;
allow dhcp dhcp_data_file:dir create_dir_perms; allow dhcp dhcp_data_file:dir create_dir_perms;
allow dhcp dhcp_data_file:file create_file_perms; allow dhcp dhcp_data_file:file create_file_perms;
# PAN connections
allow dhcp netd:fd use;
allow dhcp netd:fifo_file rw_file_perms;
allow dhcp netd:{ dgram_socket_class_set unix_stream_socket } { read write };
allow dhcp netd:{ netlink_kobject_uevent_socket netlink_route_socket netlink_nflog_socket } { read write };
# netdev-bt-pan driver loading
allow dhcp kernel:system module_request;
netd.te
+ 8
1
View file @ 34a8d4c6
...@@ -4,7 +4,7 @@ type netd_exec, exec_type, file_type; ...@@ -4,7 +4,7 @@ type netd_exec, exec_type, file_type;
init_daemon_domain(netd) init_daemon_domain(netd)
typeattribute netd mlstrustedsubject; typeattribute netd mlstrustedsubject;
allow netd self:capability { net_admin net_raw sys_module }; allow netd self:capability { net_admin net_raw sys_module kill };
allow netd self:netlink_kobject_uevent_socket *; allow netd self:netlink_kobject_uevent_socket *;
allow netd self:netlink_route_socket *; allow netd self:netlink_route_socket *;
allow netd self:netlink_nflog_socket *; allow netd self:netlink_nflog_socket *;
...@@ -28,3 +28,10 @@ allow netd sysfs:file write; ...@@ -28,3 +28,10 @@ allow netd sysfs:file write;
# Network driver loading. # Network driver loading.
allow netd kernel:system module_request; allow netd kernel:system module_request;
# Set dhcp lease for PAN connection
unix_socket_connect(netd, property, init)
allow netd system_prop:property_service set;
# Connect to PAN
domain_auto_trans(netd, dhcp_exec, dhcp);
allow netd dhcp:process signal;
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment