openkylin
/
platform_build
mirror of https://gitee.com/openkylin/platform_build.git
9
0
Fork 1
Code Issues Projects Releases Wiki Activity

Merge "Support new hostapd build target without HIDL"

This commit is contained in:
Treehugger Robot 2018-06-12 12:49:49 +00:00 committed by Gerrit Code Review
parent 41e2fd3dd8 a53c522678
commit acbfc3fb94
3 changed files with 20 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
target/board/generic/sepolicy/execns.te
View File

@ -6,7 +6,7 @@ init_daemon_domain(execns)
allow execns varrun_file:dir search;
allow execns varrun_file:file r_file_perms;
allow execns self:capability sys_admin;
allow execns self:capability { sys_admin setuid setgid };
allow execns nsfs:file { open read };
#Allow execns itself to be run by init in its own domain
@ -18,15 +18,8 @@ domain_auto_trans(execns, dhcpclient_exec, dhcpclient);
# Allow dhcpserver to be run by execns in its own domain
domain_auto_trans(execns, dhcpserver_exec, dhcpserver);
# Rules to allow execution of hostapd and allow it to run
allow execns hal_wifi_hostapd_default_exec:file { execute_no_trans };
allow execns self:capability { net_admin net_raw };
allow execns self:netlink_generic_socket { bind create getattr read setopt write };
allow execns self:netlink_route_socket { bind create read write nlmsg_write };
allow execns execns:udp_socket { create ioctl };
allow execns self:packet_socket { create setopt };
allow execns sysfs_net:dir { search };
allowxperm execns self:udp_socket ioctl priv_sock_ioctls;
# Allow hostapd_nohidl to be run by execns in its own domain
domain_auto_trans(execns, hostapd_nohidl_exec, hostapd_nohidl);
# Allow execns to read createns proc file to get the namespace file
allow execns createns:file read;

1
target/board/generic/sepolicy/file_contexts
View File

@ -24,6 +24,7 @@
/vendor/bin/ipv6proxy u:object_r:ipv6proxy_exec:s0
/vendor/bin/dhcpclient u:object_r:dhcpclient_exec:s0
/vendor/bin/dhcpserver u:object_r:dhcpserver_exec:s0
/vendor/bin/hostapd_nohidl u:object_r:hostapd_nohidl_exec:s0
/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine u:object_r:hal_drm_widevine_exec:s0

16
target/board/generic/sepolicy/hostapd_nohidl.te Normal file
View File

@ -0,0 +1,16 @@
type hostapd_nohidl, domain;
type hostapd_nohidl_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hostapd_nohidl)
net_domain(hostapd_nohidl)
allow hostapd_nohidl execns:fd use;
allow hostapd_nohidl self:capability { net_admin net_raw };
allow hostapd_nohidl self:netlink_generic_socket { bind create getattr read setopt write };
allow hostapd_nohidl self:netlink_route_socket nlmsg_write;
allow hostapd_nohidl self:packet_socket { create setopt };
allowxperm hostapd_nohidl self:udp_socket ioctl priv_sock_ioctls;
# hostapd will attempt to search sysfs but it's not needed and will spam the log
dontaudit hostapd_nohidl sysfs_net:dir search;