
Commit 3c4b3423 authored by Bjoern Johansson's avatar Bjoern Johansson

Add SELinux configuration for new DHCP programs

Add the dhcpclient and dhcpserver binary files to the makefile and
file_contexts and give them the appropriate SELinux permissions to run.

BUG: 74514143
Test: Build emulator image and manually verify WiFi functionality
Change-Id: Ia472ef4c86c9b6ba967c0fc7443db607aed1e485
(cherry picked from commit 917bda2587d219e35404a298c05a7179519815c1)
(cherry picked from commit 87b9f937113801b50612863cb13e6391cc1f3105)
(cherry picked from commit 760a19890ac99144f6b143015c36e7aaa3797c73)
parent 12fd2d88
+16 −0
# DHCP client
type dhcpclient, domain, domain_deprecated;
type dhcpclient_exec, exec_type, file_type;

init_daemon_domain(dhcpclient)
net_domain(dhcpclient)

allow dhcpclient execns:fd use;

set_prop(dhcpclient, net_eth0_prop);
allow dhcpclient self:capability { net_admin net_raw };
allow dhcpclient self:packet_socket { create bind ioctl read write };
allow dhcpclient self:udp_socket { ioctl create };
allow dhcpclient self:netlink_route_socket { write nlmsg_write };
allow dhcpclient varrun_file:dir search;
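Review bot: The declaration `type dhcpclient, domain, domain_deprecated;` attaches domain_deprecated to a brand-new domain, which pulls in a broad set of legacy allow rules that nothing here shows the daemon needs; the same applies to `type dhcpserver, domain, domain_deprecated;` in the dhcpserver section. A new domain is better declared as `type dhcpclient, domain;`, with any denials that surface afterwards granted explicitly. The capability and socket rules further down (`net_admin`, `net_raw`, packet_socket, netlink_route_socket) carry no comments; a one-line reason above each, for example `# packet socket: DHCP exchange before the interface has an address` if that is the reason, would make the policy easier to audit.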
+12 −0
# DHCP server
type dhcpserver, domain, domain_deprecated;
type dhcpserver_exec, exec_type, file_type;

init_daemon_domain(dhcpserver)
net_domain(dhcpserver)

allow dhcpserver execns:fd use;

get_prop(dhcpserver, net_eth0_prop);
allow dhcpserver self:udp_socket { ioctl create setopt bind };
allow dhcpserver self:capability { net_raw net_bind_service };
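Review bot: `allow dhcpserver self:capability { net_raw net_bind_service };` grants net_raw although the only socket class this file allows is udp_socket, with no packet_socket or rawip_socket rule. If the capability is needed for a socket option such as binding the UDP socket to a device (inferred, not visible here), a comment above the rule should say so, e.g. `# net_raw: required for SO_BINDTODEVICE on the UDP socket`. If nothing needs it, the rule can shrink to `allow dhcpserver self:capability net_bind_service;`.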
+6 −0
@@ -10,6 +10,12 @@ allow execns self:capability sys_admin;
#Allow execns itself to be run by init in its own domain
domain_auto_trans(init, execns_exec, execns);

# Allow dhcpclient to be run by execns in its own domain
domain_auto_trans(execns, dhcpclient_exec, dhcpclient);

# Allow dhcpserver to be run by execns in its own domain
domain_auto_trans(execns, dhcpserver_exec, dhcpserver);

# Allow hostapd to be run by execns in its own domain
domain_auto_trans(execns, hostapd_exec, hostapd);
allow hostapd execns:fd use;
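Review bot: The two new `domain_auto_trans(execns, ...)` rules make execns the launcher for both daemons, yet the dhcpclient and dhcpserver sections of this commit also call `init_daemon_domain()`, which adds a transition from init as well. If init never executes these binaries directly, which the rules here suggest, that init transition is unused. In that case `init_daemon_domain(dhcpclient)` and `init_daemon_domain(dhcpserver)` can likely be dropped so each domain has a single entry path. The hunk shows only part of the execns policy file, so other launch paths may be defined outside it.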
+2 −0
@@ -20,6 +20,8 @@
/vendor/bin/qemu-props       u:object_r:qemu_props_exec:s0
/system/bin/execns           u:object_r:execns_exec:s0
/system/bin/ipv6proxy        u:object_r:ipv6proxy_exec:s0
/system/bin/dhcpclient       u:object_r:dhcpclient_exec:s0
/system/bin/dhcpserver       u:object_r:dhcpserver_exec:s0

/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine          u:object_r:hal_drm_widevine_exec:s0

+1 −0
type qemu_prop, property_type;
type qemu_cmdline, property_type;
type radio_noril_prop, property_type;
type net_eth0_prop, property_type;