Skip to content
Snippets Groups Projects
Commit 58563c66 authored by Robert Craig's avatar Robert Craig Committed by Android Git Automerger
Browse files

am 6095ffea: am 529fcbe0: Create proc_net type for /proc/sys/net entries.

* commit '6095ffea':
  Create proc_net type for /proc/sys/net entries.
parents f04b3bfc 6095ffea
No related branches found
No related tags found
No related merge requests found
......@@ -13,7 +13,8 @@ allow dhcp self:packet_socket create_socket_perms;
allow dhcp self:netlink_route_socket { create_socket_perms nlmsg_write };
allow dhcp shell_exec:file rx_file_perms;
allow dhcp system_file:file rx_file_perms;
allow dhcp proc:file write;
# For /proc/sys/net/ipv4/conf/*/promote_secondaries
allow dhcp proc_net:file write;
allow dhcp system_prop:property_service set ;
allow dhcp dhcp_system_file:file rx_file_perms;
allow dhcp dhcp_system_file:dir r_dir_perms;
......
......@@ -106,6 +106,7 @@ r_dir_file(domain, sysfs)
r_dir_file(domain, sysfs_devices_system_cpu)
r_dir_file(domain, inotify)
r_dir_file(domain, cgroup)
r_dir_file(domain, proc_net)
# debugfs access
allow domain debugfs:dir r_dir_perms;
......
......@@ -10,6 +10,7 @@ type proc_security, fs_type;
type usermodehelper, fs_type, sysfs_type;
type qtaguid_proc, fs_type, mlstrustedobject;
type proc_bluetooth_writable, fs_type;
type proc_net, fs_type;
type selinuxfs, fs_type;
type cgroup, fs_type, mlstrustedobject;
type sysfs, fs_type, mlstrustedobject;
......
......@@ -15,6 +15,7 @@ genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0
genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
genfscon proc /sys/net u:object_r:proc_net:s0
genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0
# selinuxfs booleans can be individually labeled.
genfscon selinuxfs / u:object_r:selinuxfs:s0
......
......@@ -16,8 +16,7 @@ allow netd system_file:file x_file_perms;
allow netd devpts:chr_file rw_file_perms;
# For /proc/sys/net/ipv[46]/route/flush.
# XXX Split /proc/sys/net into its own type.
allow netd proc:file write;
allow netd proc_net:file write;
# For /sys/modules/bcmdhd/parameters/firmware_path
# XXX Split into its own type.
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment