Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ee21ef38 authored by Bjoern Johansson's avatar Bjoern Johansson Committed by android-build-merger
Browse files

Add support for WiFi in emulator 

am: 127395fc

Change-Id: I05bff54a221536812e757c09a156c8b3be8f3af4
parents e0bbacf1 127395fc

target/board/generic/sepolicy/execns.te

0 → 100644
+20 −0
Original line number Diff line number Diff line 
# Network namespace transitions

type execns, domain, domain_deprecated;

type execns_exec, exec_type, file_type;



init_daemon_domain(execns)



allow execns varrun_file:dir search;

allow execns self:capability sys_admin;



#Allow execns itself to be run by init in its own domain

domain_auto_trans(init, execns_exec, execns);



# Allow hostapd to be run by execns in its own domain

domain_auto_trans(execns, hostapd_exec, hostapd);

allow hostapd execns:fd use;



# Allow dnsmasq to be run by execns in its own domain

domain_auto_trans(execns, dnsmasq_exec, dnsmasq);

allow dnsmasq execns:fd use;

target/board/generic/sepolicy/file.te

+2 −0
Original line number Diff line number Diff line 
type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;

type varrun_file, file_type, data_file_type, mlstrustedobject;

type mediadrm_vendor_data_file, file_type, data_file_type;

target/board/generic/sepolicy/file_contexts

+3 −0
Original line number Diff line number Diff line
@@ -18,6 +18,8 @@ 
/vendor/bin/init\.ranchu-core\.sh u:object_r:goldfish_setup_exec:s0

/vendor/bin/init\.ranchu-net\.sh u:object_r:goldfish_setup_exec:s0

/vendor/bin/qemu-props       u:object_r:qemu_props_exec:s0

/system/bin/execns           u:object_r:execns_exec:s0

/system/bin/ipv6proxy        u:object_r:ipv6proxy_exec:s0



/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine          u:object_r:hal_drm_widevine_exec:s0
@@ -36,4 +38,5 @@ 


# data

/data/vendor/mediadrm(/.*)?            u:object_r:mediadrm_vendor_data_file:s0

/data/var/run(/.*)?                    u:object_r:varrun_file:s0

target/board/generic/sepolicy/goldfish_setup.te

+12 −0
Original line number Diff line number Diff line
@@ -11,3 +11,15 @@ allow goldfish_setup vendor_toolbox_exec:file execute_no_trans; 
allowxperm goldfish_setup self:udp_socket ioctl priv_sock_ioctls;

wakelock_use(goldfish_setup);

allow goldfish_setup vendor_shell_exec:file { rx_file_perms };



# Set system properties to start services

set_prop(goldfish_setup, ctl_default_prop);



# Set up WiFi

allow goldfish_setup self:netlink_route_socket nlmsg_write;

allow goldfish_setup self:netlink_socket create_socket_perms;

allow goldfish_setup self:capability { sys_module sys_admin };

allow goldfish_setup varrun_file:dir { mounton write add_name search remove_name };

allow goldfish_setup varrun_file:file { mounton getattr create read write open unlink };

allow goldfish_setup execns_exec:file rx_file_perms;

allow goldfish_setup proc_net:file w_file_perms;

target/board/generic/sepolicy/ipv6proxy.te

0 → 100644
+15 −0
Original line number Diff line number Diff line 
# IPv6 proxying

type ipv6proxy, domain, domain_deprecated;

type ipv6proxy_exec, exec_type, file_type;



init_daemon_domain(ipv6proxy)

net_domain(ipv6proxy)



# Allow ipv6proxy to be run by execns in its own domain

domain_auto_trans(execns, ipv6proxy_exec, ipv6proxy);

allow ipv6proxy execns:fd use;



allow ipv6proxy self:capability { sys_admin sys_module net_admin net_raw };

allow ipv6proxy self:packet_socket { bind create read };

allow ipv6proxy self:netlink_route_socket nlmsg_write;

allow ipv6proxy varrun_file:dir search;