Separate permissions to set WiFi related properties

wificond would like to be able to set WiFi related properties
without access to the rest of the system properties.  Today,
this only involves marking the driver as loaded or unloaded.

avc: denied { write } for name="property_service" dev="tmpfs" ino=10100
scontext=u:r:wificond:s0 tcontext=u:object_r:property_socket:s0
tclass=sock_file permissive=0

Bug: 29579539
Test: No avc denials related to system properties across
      various WiFi events.

Change-Id: I6d9f1de3fbef04cb7750cc3753634f9e02fdb71f
(cherry picked from commit 1ebfdd6a14fb21705664c8e144f151b39c3d73f8)
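
The least-privilege pattern the commit message describes, as an added sketch; it is not the contents of this commit, whose diff is not shown on this page. The type name `example_wifi_prop` and the prefix `example.wifi.` are placeholders, while `set_prop()`, `property_type` and `system_prop` are existing AOSP sepolicy names.

```selinux
# --- property.te ---------------------------------------------------
# Dedicated type for the WiFi-related properties (placeholder name).
type example_wifi_prop, property_type;

# --- property_contexts ---------------------------------------------
# Label only the WiFi property prefix with the dedicated type
# (placeholder prefix). Properties outside it keep their own labels.
example.wifi.    u:object_r:example_wifi_prop:s0

# --- wificond.te ---------------------------------------------------
# Narrow grant. set_prop() lets wificond connect to init's
# property_socket (the sock_file write in the denial above) and
# grants property_service "set" on the named type only.
set_prop(wificond, example_wifi_prop)

# Broad grant, shown for contrast and left commented out. It would
# also silence the denial, but it lets wificond set every property
# labeled system_prop, which is the access the commit message says
# wificond should not have.
# set_prop(wificond, system_prop)
```

Allowing only the `property_socket` write from the denial would not be enough on its own, because init also checks `property_service { set }` against the label of the property being written. That check is what the dedicated type scopes.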
4 files changed
tree: 647ad8997162e9bf98e549874783f04018551030
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. atrace.te
  7. attributes
  8. audioserver.te
  9. autoplay_app.te
  10. binderservicedomain.te
  11. blkid.te
  12. blkid_untrusted.te
  13. bluetooth.te
  14. bluetoothdomain.te
  15. boot_control_hal.te
  16. bootanim.te
  17. bootstat.te
  18. cameraserver.te
  19. clatd.te
  20. CleanSpec.mk
  21. debuggerd.te
  22. device.te
  23. dex2oat.te
  24. dhcp.te
  25. dnsmasq.te
  26. domain.te
  27. domain_deprecated.te
  28. drmserver.te
  29. dumpstate.te
  30. file.te
  31. file_contexts
  32. file_contexts_asan
  33. fingerprintd.te
  34. fs_use
  35. fsck.te
  36. fsck_untrusted.te
  37. gatekeeperd.te
  38. genfs_contexts
  39. global_macros
  40. hci_attach.te
  41. healthd.te
  42. hostapd.te
  43. idmap.te
  44. init.te
  45. initial_sid_contexts
  46. initial_sids
  47. inputflinger.te
  48. install_recovery.te
  49. installd.te
  50. ioctl_defines
  51. ioctl_macros
  52. isolated_app.te
  53. kernel.te
  54. keys.conf
  55. keystore.te
  56. lmkd.te
  57. logd.te
  58. mac_permissions.xml
  59. mdnsd.te
  60. mediacodec.te
  61. mediadrmserver.te
  62. mediaextractor.te
  63. mediaserver.te
  64. mls
  65. mls_macros
  66. MODULE_LICENSE_PUBLIC_DOMAIN
  67. mtp.te
  68. net.te
  69. netd.te
  70. neverallow_macros
  71. nfc.te
  72. NOTICE
  73. otapreopt_chroot.te
  74. perfprofd.te
  75. platform_app.te
  76. policy_capabilities
  77. port_contexts
  78. postinstall.te
  79. postinstall_dexopt.te
  80. ppp.te
  81. priv_app.te
  82. profman.te
  83. property.te
  84. property_contexts
  85. racoon.te
  86. radio.te
  87. README
  88. recovery.te
  89. recovery_persist.te
  90. recovery_refresh.te
  91. rild.te
  92. roles
  93. runas.te
  94. sdcardd.te
  95. seapp_contexts
  96. security_classes
  97. service.te
  98. service_contexts
  99. servicemanager.te
  100. sgdisk.te
  101. shared_relro.te
  102. shell.te
  103. slideshow.te
  104. su.te
  105. surfaceflinger.te
  106. system_app.te
  107. system_server.te
  108. te_macros
  109. tee.te
  110. toolbox.te
  111. tzdatacheck.te
  112. ueventd.te
  113. uncrypt.te
  114. untrusted_app.te
  115. update_engine.te
  116. update_engine_common.te
  117. update_verifier.te
  118. users
  119. vdc.te
  120. vold.te
  121. watchdogd.te
  122. wificond.te
  123. wpa.te
  124. zygote.te