commit d28ac521c6b3dd692c61d533f361e972e6b4ec5b
author Nick Kralevich <nnk@google.com> Fri Feb 21 20:52:18 2014 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Feb 21 20:52:18 2014 +0000
tree de1295792e442c276cf7df14f4957ad28b0783a0
parent 49d713af3240123794bfa75a7dc77d6d01697eb1
parent b3cb9695c43d3b1353a10d35dd025ad7b9700365

Merge "Clarify init_shell, shell, and su domain usage."

hostapd.te

diff --git a/hostapd.te b/hostapd.te
index a5ed62a..e6e88e9 100644
--- a/hostapd.te
+++ b/hostapd.te
@@ -11,6 +11,7 @@
 
 allow hostapd wifi_data_file:file rw_file_perms;
 allow hostapd wifi_data_file:dir create_dir_perms;
+type_transition hostapd wifi_data_file:dir wpa_socket "sockets";
 allow hostapd wpa_socket:dir create_dir_perms;
 allow hostapd wpa_socket:sock_file create_file_perms;
 allow hostapd netd:fd use;

system_server.te

diff --git a/system_server.te b/system_server.te
index 945b59b..ca95abf 100644
--- a/system_server.te
+++ b/system_server.te
@@ -255,4 +255,4 @@
 # Be consistent with DAC permissions. Allow system_server to write to
 # /sys/module/lowmemorykiller/parameters/adj
 # /sys/module/lowmemorykiller/parameters/minfree
-allow system_server sysfs_lowmemorykiller:file w_file_perms;
+allow system_server sysfs_lowmemorykiller:file { getattr w_file_perms };

wpa_supplicant.te

diff --git a/wpa_supplicant.te b/wpa_supplicant.te
index 1ebf556..fd454bf 100644
--- a/wpa_supplicant.te
+++ b/wpa_supplicant.te
@@ -16,8 +16,8 @@
 allow wpa random_device:chr_file r_file_perms;
 
 # Create a socket for receiving info from wpa
-type_transition wpa wifi_data_file:sock_file wpa_socket;
-allow wpa wpa_socket:dir { rw_dir_perms setattr };
+type_transition wpa wifi_data_file:dir wpa_socket "sockets";
+allow wpa wpa_socket:dir create_dir_perms;
 allow wpa wpa_socket:sock_file create_file_perms;
 
 # Allow wpa_cli to work. wpa_cli creates a socket in