Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 19d4f257 authored Mar 23, 2018 by Bjoern Johansson Committed by android-build-merger Mar 23, 2018

Add SELinux configuration for new DHCP programs am: 3c4b3423

am: 3aa12491

Change-Id: Ib4558bb2bec89e21261f7fc903c25ef3e3264ccf

parents 06ebe2f5 3aa12491

target/board/generic/sepolicy/dhcpclient.te

0 → 100644

+16 −0

Original line number	Original line	Diff line number	Diff line
			# DHCP client
			type dhcpclient, domain, domain_deprecated;
			type dhcpclient_exec, exec_type, file_type;

			init_daemon_domain(dhcpclient)
			net_domain(dhcpclient)

			allow dhcpclient execns:fd use;

			set_prop(dhcpclient, net_eth0_prop);
			allow dhcpclient self:capability { net_admin net_raw };
			allow dhcpclient self:packet_socket { create bind ioctl read write };
			allow dhcpclient self:udp_socket { ioctl create };
			allow dhcpclient self:netlink_route_socket { write nlmsg_write };
			allow dhcpclient varrun_file:dir search;

target/board/generic/sepolicy/dhcpserver.te

0 → 100644

+12 −0

Original line number	Original line	Diff line number	Diff line
			# DHCP server
			type dhcpserver, domain, domain_deprecated;
			type dhcpserver_exec, exec_type, file_type;

			init_daemon_domain(dhcpserver)
			net_domain(dhcpserver)

			allow dhcpserver execns:fd use;

			get_prop(dhcpserver, net_eth0_prop);
			allow dhcpserver self:udp_socket { ioctl create setopt bind };
			allow dhcpserver self:capability { net_raw net_bind_service };

target/board/generic/sepolicy/execns.te

+6 −0

Original line number	Original line	Diff line number	Diff line
	@@ -10,6 +10,12 @@ allow execns self:capability sys_admin;
	#Allow execns itself to be run by init in its own domain		#Allow execns itself to be run by init in its own domain
	domain_auto_trans(init, execns_exec, execns);		domain_auto_trans(init, execns_exec, execns);

			# Allow dhcpclient to be run by execns in its own domain
			domain_auto_trans(execns, dhcpclient_exec, dhcpclient);

			# Allow dhcpserver to be run by execns in its own domain
			domain_auto_trans(execns, dhcpserver_exec, dhcpserver);

	# Allow hostapd to be run by execns in its own domain		# Allow hostapd to be run by execns in its own domain
	domain_auto_trans(execns, hostapd_exec, hostapd);		domain_auto_trans(execns, hostapd_exec, hostapd);
	allow hostapd execns:fd use;		allow hostapd execns:fd use;

target/board/generic/sepolicy/file_contexts

+2 −0

Original line number	Original line	Diff line number	Diff line
	@@ -20,6 +20,8 @@
	/vendor/bin/qemu-props u:object_r:qemu_props_exec:s0		/vendor/bin/qemu-props u:object_r:qemu_props_exec:s0
	/system/bin/execns u:object_r:execns_exec:s0		/system/bin/execns u:object_r:execns_exec:s0
	/system/bin/ipv6proxy u:object_r:ipv6proxy_exec:s0		/system/bin/ipv6proxy u:object_r:ipv6proxy_exec:s0
			/system/bin/dhcpclient u:object_r:dhcpclient_exec:s0
			/system/bin/dhcpserver u:object_r:dhcpserver_exec:s0

	/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine u:object_r:hal_drm_widevine_exec:s0		/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine u:object_r:hal_drm_widevine_exec:s0

target/board/generic/sepolicy/property.te

+1 −0

Original line number	Original line	Diff line number	Diff line
	type qemu_prop, property_type;		type qemu_prop, property_type;
	type qemu_cmdline, property_type;		type qemu_cmdline, property_type;
	type radio_noril_prop, property_type;		type radio_noril_prop, property_type;
			type net_eth0_prop, property_type;