Add SELinux configuration for new DHCP programs
Add the dhcpclient and dhcpserver binary files to the makefile and file_contexts and give them the appropriate SELinux permissions to run. BUG: 74514143 Test: Build emulator image and manually verify WiFi functionality Change-Id: Ia472ef4c86c9b6ba967c0fc7443db607aed1e485 (cherry picked from commit 917bda2587d219e35404a298c05a7179519815c1) (cherry picked from commit 87b9f937113801b50612863cb13e6391cc1f3105) (cherry picked from commit 760a19890ac99144f6b143015c36e7aaa3797c73)
parent
12fd2d8824
commit
3c4b342323
|
@ -0,0 +1,16 @@
|
||||||
|
# DHCP client
|
||||||
|
type dhcpclient, domain, domain_deprecated;
|
||||||
|
type dhcpclient_exec, exec_type, file_type;
|
||||||
|
|
||||||
|
init_daemon_domain(dhcpclient)
|
||||||
|
net_domain(dhcpclient)
|
||||||
|
|
||||||
|
allow dhcpclient execns:fd use;
|
||||||
|
|
||||||
|
set_prop(dhcpclient, net_eth0_prop);
|
||||||
|
allow dhcpclient self:capability { net_admin net_raw };
|
||||||
|
allow dhcpclient self:packet_socket { create bind ioctl read write };
|
||||||
|
allow dhcpclient self:udp_socket { ioctl create };
|
||||||
|
allow dhcpclient self:netlink_route_socket { write nlmsg_write };
|
||||||
|
allow dhcpclient varrun_file:dir search;
|
||||||
|
|
|
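Review bot: The new `dhcpclient` type is declared with the `domain_deprecated` attribute, which pulls in legacy blanket permissions that a freshly written domain should not need; the dhcpserver policy file in this commit has the same declaration. Declaring the types as `type dhcpclient, domain;` and `type dhcpserver, domain;`, then adding only the rules that observed denials call for, keeps both network-facing daemons confined to what their policy files list. This domain already holds `net_admin`, `net_raw` and a packet socket, so inherited extras are worth avoiding here.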
@ -0,0 +1,12 @@
|
||||||
|
# DHCP server
|
||||||
|
type dhcpserver, domain, domain_deprecated;
|
||||||
|
type dhcpserver_exec, exec_type, file_type;
|
||||||
|
|
||||||
|
init_daemon_domain(dhcpserver)
|
||||||
|
net_domain(dhcpserver)
|
||||||
|
|
||||||
|
allow dhcpserver execns:fd use;
|
||||||
|
|
||||||
|
get_prop(dhcpserver, net_eth0_prop);
|
||||||
|
allow dhcpserver self:udp_socket { ioctl create setopt bind };
|
||||||
|
allow dhcpserver self:capability { net_raw net_bind_service };
|
|
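Review bot: `net_raw` is granted in the `self:capability` rule, but this file contains no packet_socket or rawip_socket rule, so a reader cannot tell what the capability is for. If it is there only so the server can bind its UDP socket to one interface, a comment above the rule such as `# net_raw: required to bind the UDP socket to a specific interface` would record that. If nothing turns out to need it, the rule could shrink to `allow dhcpserver self:capability net_bind_service;`.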
@ -10,6 +10,12 @@ allow execns self:capability sys_admin;
|
||||||
#Allow execns itself to be run by init in its own domain
|
#Allow execns itself to be run by init in its own domain
|
||||||
domain_auto_trans(init, execns_exec, execns);
|
domain_auto_trans(init, execns_exec, execns);
|
||||||
|
|
||||||
|
# Allow dhcpclient to be run by execns in its own domain
|
||||||
|
domain_auto_trans(execns, dhcpclient_exec, dhcpclient);
|
||||||
|
|
||||||
|
# Allow dhcpserver to be run by execns in its own domain
|
||||||
|
domain_auto_trans(execns, dhcpserver_exec, dhcpserver);
|
||||||
|
|
||||||
# Allow hostapd to be run by execns in its own domain
|
# Allow hostapd to be run by execns in its own domain
|
||||||
domain_auto_trans(execns, hostapd_exec, hostapd);
|
domain_auto_trans(execns, hostapd_exec, hostapd);
|
||||||
allow hostapd execns:fd use;
|
allow hostapd execns:fd use;
|
||||||
|
|
|
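Review bot: These two `domain_auto_trans(execns, ...)` lines make execns the launcher for both daemons, yet the dhcpclient and dhcpserver policy files in this commit also call `init_daemon_domain(...)`, which as far as I can tell additionally lets init enter those domains directly. If the services are only ever started through execns, dropping `init_daemon_domain(dhcpclient)` and `init_daemon_domain(dhcpserver)` would leave a single entry path into each domain. If init does start them in some configuration, a comment saying so would help. The surrounding execns policy starts and ends outside this hunk.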
@ -20,6 +20,8 @@
|
||||||
/vendor/bin/qemu-props u:object_r:qemu_props_exec:s0
|
/vendor/bin/qemu-props u:object_r:qemu_props_exec:s0
|
||||||
/system/bin/execns u:object_r:execns_exec:s0
|
/system/bin/execns u:object_r:execns_exec:s0
|
||||||
/system/bin/ipv6proxy u:object_r:ipv6proxy_exec:s0
|
/system/bin/ipv6proxy u:object_r:ipv6proxy_exec:s0
|
||||||
|
/system/bin/dhcpclient u:object_r:dhcpclient_exec:s0
|
||||||
|
/system/bin/dhcpserver u:object_r:dhcpserver_exec:s0
|
||||||
|
|
||||||
/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine u:object_r:hal_drm_widevine_exec:s0
|
/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine u:object_r:hal_drm_widevine_exec:s0
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
type qemu_prop, property_type;
|
type qemu_prop, property_type;
|
||||||
type qemu_cmdline, property_type;
|
type qemu_cmdline, property_type;
|
||||||
type radio_noril_prop, property_type;
|
type radio_noril_prop, property_type;
|
||||||
|
type net_eth0_prop, property_type;
|
||||||
|
|
|
@ -3,3 +3,4 @@ qemu.cmdline u:object_r:qemu_cmdline:s0
|
||||||
ro.emu. u:object_r:qemu_prop:s0
|
ro.emu. u:object_r:qemu_prop:s0
|
||||||
ro.emulator. u:object_r:qemu_prop:s0
|
ro.emulator. u:object_r:qemu_prop:s0
|
||||||
ro.radio.noril u:object_r:radio_noril_prop:s0
|
ro.radio.noril u:object_r:radio_noril_prop:s0
|
||||||
|
net.eth0. u:object_r:net_eth0_prop:s0
|
||||||
|
|
|
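Review bot: The `net.eth0.` entry is a prefix match, so every property below it moves to `net_eth0_prop`, and in this commit only dhcpclient (set) and dhcpserver (get) are given access to that type. Any other process that reads these properties under the label that previously covered them would presumably need its own `get_prop(..., net_eth0_prop)` rule, so it is worth checking the audit log for denials on a booted image. A comment such as `# written by dhcpclient, read by dhcpserver` next to the entry would document the intended owners.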
@ -118,6 +118,8 @@ PRODUCT_PACKAGES += \
|
||||||
|
|
||||||
# WiFi
|
# WiFi
|
||||||
PRODUCT_PACKAGES += \
|
PRODUCT_PACKAGES += \
|
||||||
|
dhcpclient \
|
||||||
|
dhcpserver \
|
||||||
execns \
|
execns \
|
||||||
hostapd \
|
hostapd \
|
||||||
ip \
|
ip \
|
||||||
|
|