Add SELinux configuration for new DHCP programs

Add the dhcpclient and dhcpserver binary files to the makefile and
file_contexts and give them the appropriate SELinux permissions to run.

BUG: 74514143
Test: Build emulator image and manually verify WiFi functionality
Change-Id: Ia472ef4c86c9b6ba967c0fc7443db607aed1e485
(cherry picked from commit 917bda2587d219e35404a298c05a7179519815c1)
(cherry picked from commit 87b9f937113801b50612863cb13e6391cc1f3105)
(cherry picked from commit 760a19890ac99144f6b143015c36e7aaa3797c73)
Bjoern Johansson 2017-07-06 15:52:57 -07:00
parent 12fd2d8824
commit 3c4b342323
7 changed files with 40 additions and 0 deletions


@ -0,0 +1,16 @@
# DHCP client
type dhcpclient, domain, domain_deprecated;
type dhcpclient_exec, exec_type, file_type;
init_daemon_domain(dhcpclient)
net_domain(dhcpclient)
allow dhcpclient execns:fd use;
set_prop(dhcpclient, net_eth0_prop);
allow dhcpclient self:capability { net_admin net_raw };
allow dhcpclient self:packet_socket { create bind ioctl read write };
allow dhcpclient self:udp_socket { ioctl create };
allow dhcpclient self:netlink_route_socket { write nlmsg_write };
allow dhcpclient varrun_file:dir search;
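Review bot: Both new domains are declared with the `domain_deprecated` attribute (`type dhcpclient, domain, domain_deprecated;` here, and the same on the dhcpserver type in the next file), which attaches that attribute's legacy broad grants on top of the rules listed in the file. For a newly written domain the declaration would normally be `type dhcpclient, domain;`, with any access that then shows up as a denial added as an explicit rule, so the policy file shows everything the daemon can do. This matters more than usual here because the domain also holds `net_admin` and `net_raw`.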


@ -0,0 +1,12 @@
# DHCP server
type dhcpserver, domain, domain_deprecated;
type dhcpserver_exec, exec_type, file_type;
init_daemon_domain(dhcpserver)
net_domain(dhcpserver)
allow dhcpserver execns:fd use;
get_prop(dhcpserver, net_eth0_prop);
allow dhcpserver self:udp_socket { ioctl create setopt bind };
allow dhcpserver self:capability { net_raw net_bind_service };
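Review bot: The last rule grants `net_raw` although this file allows no packet or raw socket class, so the reason for the capability is not visible from the policy. If it is there so the server can bind its UDP socket to an interface (SO_BINDTODEVICE requires CAP_NET_RAW), a comment above the rule would record that, e.g. `# net_raw: bind socket to interface; net_bind_service: bind to the DHCP server port`. If nothing in the server needs it, the rule could be narrowed to `allow dhcpserver self:capability net_bind_service;`.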


@ -10,6 +10,12 @@ allow execns self:capability sys_admin;
#Allow execns itself to be run by init in its own domain #Allow execns itself to be run by init in its own domain
domain_auto_trans(init, execns_exec, execns); domain_auto_trans(init, execns_exec, execns);
# Allow dhcpclient to be run by execns in its own domain
domain_auto_trans(execns, dhcpclient_exec, dhcpclient);
# Allow dhcpserver to be run by execns in its own domain
domain_auto_trans(execns, dhcpserver_exec, dhcpserver);
# Allow hostapd to be run by execns in its own domain # Allow hostapd to be run by execns in its own domain
domain_auto_trans(execns, hostapd_exec, hostapd); domain_auto_trans(execns, hostapd_exec, hostapd);
allow hostapd execns:fd use; allow hostapd execns:fd use;


@ -20,6 +20,8 @@
/vendor/bin/qemu-props u:object_r:qemu_props_exec:s0 /vendor/bin/qemu-props u:object_r:qemu_props_exec:s0
/system/bin/execns u:object_r:execns_exec:s0 /system/bin/execns u:object_r:execns_exec:s0
/system/bin/ipv6proxy u:object_r:ipv6proxy_exec:s0 /system/bin/ipv6proxy u:object_r:ipv6proxy_exec:s0
/system/bin/dhcpclient u:object_r:dhcpclient_exec:s0
/system/bin/dhcpserver u:object_r:dhcpserver_exec:s0
/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine u:object_r:hal_drm_widevine_exec:s0 /vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine u:object_r:hal_drm_widevine_exec:s0


@ -1,3 +1,4 @@
type qemu_prop, property_type; type qemu_prop, property_type;
type qemu_cmdline, property_type; type qemu_cmdline, property_type;
type radio_noril_prop, property_type; type radio_noril_prop, property_type;
type net_eth0_prop, property_type;


@ -3,3 +3,4 @@ qemu.cmdline u:object_r:qemu_cmdline:s0
ro.emu. u:object_r:qemu_prop:s0 ro.emu. u:object_r:qemu_prop:s0
ro.emulator. u:object_r:qemu_prop:s0 ro.emulator. u:object_r:qemu_prop:s0
ro.radio.noril u:object_r:radio_noril_prop:s0 ro.radio.noril u:object_r:radio_noril_prop:s0
net.eth0. u:object_r:net_eth0_prop:s0
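Review bot: The `net.eth0.` entry is a prefix match, so every property under it moves to `net_eth0_prop`, not only the ones the DHCP programs use. The commit grants `set_prop` to dhcpclient and `get_prop` to dhcpserver only; any other domain that set or read a `net.eth0.*` property under its previous label would presumably start hitting denials. It would be worth checking the audit log after boot for `net_eth0_prop` denials, and listing the intended writers and readers in a comment next to the type declaration.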


@ -118,6 +118,8 @@ PRODUCT_PACKAGES += \
# WiFi # WiFi
PRODUCT_PACKAGES += \ PRODUCT_PACKAGES += \
dhcpclient \
dhcpserver \
execns \ execns \
hostapd \ hostapd \
ip \ ip \