Skip to content
Snippets Groups Projects
Commit 5fba8e11 authored by Erik Kline's avatar Erik Kline
Browse files

Permit bluetooth to run DhcpClient

Requires net_raw and net_bind_service.

Bug: 26991160
Change-Id: I4cdd23f0d0c94c9b5126c821464aadc67cdb90c9
parent 2e1556dc
No related branches found
No related tags found
No related merge requests found
...@@ -24,6 +24,8 @@ allow bluetooth self:capability net_admin; ...@@ -24,6 +24,8 @@ allow bluetooth self:capability net_admin;
allow bluetooth self:capability2 wake_alarm; allow bluetooth self:capability2 wake_alarm;
# tethering # tethering
allow bluetooth self:packet_socket create_socket_perms;
allow bluetooth self:capability { net_admin net_raw net_bind_service };
allow bluetooth self:tun_socket create_socket_perms; allow bluetooth self:tun_socket create_socket_perms;
allow bluetooth efs_file:dir search; allow bluetooth efs_file:dir search;
...@@ -59,6 +61,6 @@ allow bluetooth shell_data_file:file read; ...@@ -59,6 +61,6 @@ allow bluetooth shell_data_file:file read;
### ###
# Superuser capabilities. # Superuser capabilities.
# bluetooth requires net_admin, wake_alarm and block_suspend # bluetooth requires net_{admin,raw,bind_service} and wake_alarm and block_suspend.
neverallow bluetooth self:capability ~net_admin; neverallow bluetooth self:capability ~{ net_admin net_raw net_bind_service };
neverallow bluetooth self:capability2 ~{ wake_alarm block_suspend }; neverallow bluetooth self:capability2 ~{ wake_alarm block_suspend };
...@@ -30,15 +30,6 @@ allow netd proc_net:file write; ...@@ -30,15 +30,6 @@ allow netd proc_net:file write;
# XXX Split into its own type. # XXX Split into its own type.
allow netd sysfs:file write; allow netd sysfs:file write;
# Set dhcp lease for PAN connection
set_prop(netd, dhcp_prop)
set_prop(netd, system_prop)
auditallow netd system_prop:property_service set;
# Connect to PAN
domain_auto_trans(netd, dhcp_exec, dhcp)
allow netd dhcp:process signal;
# Needed to update /data/misc/wifi/hostapd.conf # Needed to update /data/misc/wifi/hostapd.conf
# TODO: See what we can do to reduce the need for # TODO: See what we can do to reduce the need for
# these capabilities # these capabilities
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment