Skip to content
Snippets Groups Projects
Commit bed5a433 authored by Jeff Vander Stoep's avatar Jeff Vander Stoep
Browse files

Revert "system_server, bluetooth: grant access to priv socket ioctls" 

This reverts commit f19bcfd5.

Bug: 31364540
Change-Id: I41d71202fe7d2e67742edd7915a95d37172ba7ea
parent 094ab7a8
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
bluetooth.te
+ 0
2
View file @ bed5a433
...@@ -2,8 +2,6 @@ ...@@ -2,8 +2,6 @@
type bluetooth, domain, domain_deprecated; type bluetooth, domain, domain_deprecated;
app_domain(bluetooth) app_domain(bluetooth)
net_domain(bluetooth) net_domain(bluetooth)
# Allow access to net_admin ioctls
allowxperm bluetooth self:udp_socket ioctl priv_sock_ioctls;
wakelock_use(bluetooth); wakelock_use(bluetooth);
......
system_server.te
+ 2
2
View file @ bed5a433
...@@ -42,8 +42,8 @@ allow system_server zygote:unix_stream_socket { getopt getattr }; ...@@ -42,8 +42,8 @@ allow system_server zygote:unix_stream_socket { getopt getattr };
# system server gets network and bluetooth permissions. # system server gets network and bluetooth permissions.
net_domain(system_server) net_domain(system_server)
# in addition to ioctls whitelisted for all domains, also allow system_server # in addition to ioctls whitelisted for all domains, also allow system_server
# to use privileged ioctls commands. Needed to set up VPNs. # to use:
allowxperm system_server self:udp_socket ioctl priv_sock_ioctls; allowxperm system_server self:udp_socket ioctl SIOCSIFFLAGS;
bluetooth_domain(system_server) bluetooth_domain(system_server)
# These are the capabilities assigned by the zygote to the # These are the capabilities assigned by the zygote to the
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment