openkylin
/
platform_build
mirror of https://gitee.com/openkylin/platform_build.git
9
0
Fork 1
Code Issues Projects Releases Wiki Activity

goldfish_setup: grant ifconfig priv_sock_ioctls 

The goldfish_setup shell script needs the ability to set the interface
address via ifconfig. This requires SIOCSIFADDR plus other ioctl
permissions, therefore allow the set of priv_sock_ioctls permissions.

Addresses the following denial that stops internet access via browser:
avc: denied { ioctl } for pid=712 comm="ifconfig" path="socket:[1825]"
dev="sockfs" ino=1825 ioctlcmd=8916 scontext=u:r:goldfish_setup:s0
tcontext=u:r:goldfish_setup:s0 tclass=udp_socket permissive=0

Test: With update can access internet via browser.

Change-Id: I77a52c0b72bb0ebe9451f45c346a399c1f61672d
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
This commit is contained in:
Richard Haines 2016-10-20 15:47:44 +01:00
parent 92396e1747
commit 8a09cc2297
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
target/board/generic/sepolicy/goldfish_setup.te
View File

@ -12,6 +12,7 @@ allow goldfish_setup system_file:file execute_no_trans;
allow goldfish_setup toolbox_exec:file rx_file_perms;
allow goldfish_setup self:capability { net_admin net_raw };
allow goldfish_setup self:udp_socket create_socket_perms;
allowxperm goldfish_setup self:udp_socket ioctl priv_sock_ioctls;
net_domain(goldfish_setup)