Move net.dns* to it's own label.
Move net.dns* from net_radio_prop to the newly created label
net_dns_prop. This allows finer grain control over this specific
property.
Prior to this change, this property was readable to all SELinux domains,
and writable by the following SELinux domains:
* system_server
* system_app (apps which run as UID=system)
* netmgrd
* radio
This change:
1) Removes read access to this property to everyone EXCEPT untrusted_app
and system_server.
2) Limit write access to system_server.
In particular, this change removes read access to priv_apps. Any
priv_app which ships with the system should not be reading this
property.
Bug: 34115651
Test: Device boots, wifi turns on, no problems browsing the internet
Change-Id: I8a32e98c4f573d634485c4feac91baa35d021d38
diff --git a/private/system_server.te b/private/system_server.te
index d0483f5..30fe3e2 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -394,6 +394,7 @@
set_prop(system_server, safemode_prop)
set_prop(system_server, dhcp_prop)
set_prop(system_server, net_radio_prop)
+set_prop(system_server, net_dns_prop)
set_prop(system_server, system_radio_prop)
set_prop(system_server, debug_prop)
set_prop(system_server, powerctl_prop)