From d49f7e6e363014b010b755ab8ee23d3f7c0a9344 Mon Sep 17 00:00:00 2001
From: rpcraig <rpcraig@tycho.ncsc.mil>
Date: Mon, 20 Aug 2012 06:13:28 -0400
Subject: [PATCH] Add ppp/mtp policy.

Initial policy for Point-to-Point tunneling and
tunneling manager services.
---
 file_contexts |  4 ++++
 mtp.te        | 13 +++++++++++++
 ppp.te        | 17 +++++++++++++++++
 system.te     |  3 +++
 4 files changed, 37 insertions(+)
 create mode 100644 mtp.te
 create mode 100644 ppp.te

diff --git a/file_contexts b/file_contexts
index 77e0875bc..a6f0323d2 100644
--- a/file_contexts
+++ b/file_contexts
@@ -38,6 +38,7 @@
 /dev/mtd/mtd5ro		u:object_r:radio_device:s0
 /dev/mtp_usb		u:object_r:mtp_device:s0
 /dev/pn544		u:object_r:nfc_device:s0
+/dev/ppp		u:object_r:ppp_device:s0
 /dev/ptmx		u:object_r:ptmx_device:s0
 /dev/pvrsrvkm		u:object_r:powervr_device:s0
 /dev/qemu_.*		u:object_r:qemu_device:s0
@@ -103,6 +104,9 @@
 /system/bin/qemud	u:object_r:qemud_exec:s0
 /system/bin/sdcard      u:object_r:sdcardd_exec:s0
 /system/bin/dhcpcd      u:object_r:dhcp_exec:s0
+/system/bin/mtpd	u:object_r:mtp_exec:s0
+/system/bin/pppd	u:object_r:ppp_exec:s0
+/system/etc/ppp(/.*)?	u:object_r:ppp_system_file:s0
 /system/etc/dhcpcd(/.*)? u:object_r:dhcp_system_file:s0
 /system/xbin/su		u:object_r:su_exec:s0
 /system/vendor/bin/gpsd u:object_r:gpsd_exec:s0
diff --git a/mtp.te b/mtp.te
new file mode 100644
index 000000000..4fc04b671
--- /dev/null
+++ b/mtp.te
@@ -0,0 +1,13 @@
+# vpn tunneling protocol manager
+type mtp, domain;
+type mtp_exec, exec_type, file_type;
+
+init_daemon_domain(mtp)
+
+# pptp policy
+allow mtp self:tcp_socket { create setopt connect write read };
+allow mtp self:socket { create connect };
+allow mtp self:rawip_socket create;
+allow mtp self:capability net_raw;
+allow mtp ppp:process signal;
+allow mtp port:tcp_socket name_connect;
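Review bot: `allow mtp port:tcp_socket name_connect;` on L57 targets the generic `port` type, so mtp may open outbound TCP connections to every port that carries no more specific label, and the `# pptp policy` comment on L51 does not record which of the rules on L52–L57 serve the PPTP control channel versus the GRE data path. `allow mtp self:rawip_socket create;` on L54 grants creation only; if mtp itself ever reads or writes that socket the rule is incomplete, and if the descriptor is instead handed to pppd (ppp.te permits `mtp:fd use`) then that is where the access belongs and a comment should say so. The domain also relies on `system` connecting to its unix_stream_socket (system.te hunk) yet no bind/listen/accept rules appear here, presumably because the `domain` attribute supplies self unix_stream_socket access — worth confirming. Suggested replacement for the comment: `# pptp: tcp control channel to the vpn server, gre carried over a raw ip socket (hence CAP_NET_RAW)`.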
diff --git a/ppp.te b/ppp.te
new file mode 100644
index 000000000..115fb9877
--- /dev/null
+++ b/ppp.te
@@ -0,0 +1,17 @@
+# Point to Point Protocol daemon
+type ppp, domain;
+type ppp_device, dev_type;
+type ppp_exec, exec_type, file_type;
+type ppp_system_file, file_type;
+
+domain_auto_trans(mtp, ppp_exec, ppp)
+
+allow ppp mtp:socket { read write ioctl };
+allow ppp ppp_device:chr_file rw_file_perms;
+allow ppp self:capability net_admin;
+allow ppp self:udp_socket { create ioctl };
+allow ppp ppp_system_file:dir search;
+allow ppp ppp_system_file:file rx_file_perms;
+allow ppp vpn_data_file:dir w_dir_perms;
+allow ppp vpn_data_file:file create_file_perms;
+allow ppp mtp:fd use;
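Review bot: `allow ppp mtp:socket { read write ioctl };` on L72 covers only objects of the generic `socket` class that mtp creates (mtp.te L53), while mtp's raw IP socket (mtp.te L54) is a `rawip_socket` object; since L80 lets ppp inherit mtp's descriptors, a raw socket passed across would be denied and would need a matching `allow ppp mtp:rawip_socket { read write ioctl };`, whereas if only the PPPoX socket crosses the current rule is right and a comment should state that. The `net_admin` capability on L74 and the `udp_socket { create ioctl }` on L75 are uncommented; they look like the pair used for configuring the ppp network interface through ioctl, so `# net_admin + udp ioctl socket: presumably for configuring the ppp interface — confirm` would record the assumption for the next reviewer. Granting `rx_file_perms` on `ppp_system_file` (L77) implies the scripts under /system/etc/ppp run in the ppp domain rather than transitioning; if that is intended, a one-line comment would make the choice explicit.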
diff --git a/system.te b/system.te
index 074028543..557a3859c 100644
--- a/system.te
+++ b/system.te
@@ -206,3 +206,6 @@ allow system gps_control:file rw_file_perms;
 allow system appdomain:udp_socket { read write };
 # Allow abstract socket connection
 allow system rild:unix_stream_socket connectto;
+
+# connect to vpn tunnel
+allow system mtp:unix_stream_socket { connectto };
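Review bot: The single-permission rule on L91 is written as `{ connectto }` while the sibling rule on L88 uses bare `connectto`; `allow system mtp:unix_stream_socket connectto;` keeps the file consistent. The comment `# connect to vpn tunnel` on L90 understates what is happening: system is reaching mtp's control socket, not the tunnel itself, and it does not say whether that socket lives in the abstract namespace (as L87 says for rild) or on the filesystem — in the latter case a sock_file label and a write rule would also be required, which this commit does not add. Suggest `# connect to the mtp (vpn tunnel manager) control socket` and, if confirmed, `(abstract namespace)` appended.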
-- 
GitLab