diff options
| author | Kees Cook <keescook@google.com> | 2016-05-20 13:55:42 -0700 |
|---|---|---|
| committer | Kees Cook <keescook@google.com> | 2016-05-20 13:57:38 -0700 |
| commit | db4c48bcee10d4b707ccb966a14f2ebb0ca5245d (patch) | |
| tree | 56ef7a72d4a04111d77b754f86f099daca4b653e | |
| parent | 9feda990fc8fd442fae897208668bc1bd8dfad0d (diff) | |
| download | brillo-db4c48bcee10d4b707ccb966a14f2ebb0ca5245d.tar.gz | |
selinux: allow getattr for brillo_setup
It seems something may have changed with bash to start needing getattr
to run scripts. This was causing initnetwork.sh to fail, which also
needed its "route" command changed to "ip route" since "route" is missing
too now.
Bug: 28864097
Change-Id: Ieedd9c282cd95c9e207e13b082ea65e92bea8f4f
| -rw-r--r-- | brilloemulator_arm/bsp/initnetwork.sh | 2 | ||||
| -rw-r--r-- | brilloemulator_arm64/bsp/initnetwork.sh | 2 | ||||
| -rw-r--r-- | brilloemulator_x86/bsp/initnetwork.sh | 2 | ||||
| -rw-r--r-- | brilloemulator_x86_64/bsp/initnetwork.sh | 2 | ||||
| -rw-r--r-- | sepolicy/brillo_setup.te | 1 |
5 files changed, 5 insertions, 4 deletions
diff --git a/brilloemulator_arm/bsp/initnetwork.sh b/brilloemulator_arm/bsp/initnetwork.sh index ed8b493..21074c2 100644 --- a/brilloemulator_arm/bsp/initnetwork.sh +++ b/brilloemulator_arm/bsp/initnetwork.sh @@ -2,6 +2,6 @@ # Setup networking when boot starts ifconfig eth0 10.0.2.15 netmask 255.255.255.0 up -route add default gw 10.0.2.2 +ip route add default via 10.0.2.2 # Open up port 5555 for adb iptables -I INPUT -p tcp --dport 5555 -j ACCEPT -w diff --git a/brilloemulator_arm64/bsp/initnetwork.sh b/brilloemulator_arm64/bsp/initnetwork.sh index ed8b493..21074c2 100644 --- a/brilloemulator_arm64/bsp/initnetwork.sh +++ b/brilloemulator_arm64/bsp/initnetwork.sh @@ -2,6 +2,6 @@ # Setup networking when boot starts ifconfig eth0 10.0.2.15 netmask 255.255.255.0 up -route add default gw 10.0.2.2 +ip route add default via 10.0.2.2 # Open up port 5555 for adb iptables -I INPUT -p tcp --dport 5555 -j ACCEPT -w diff --git a/brilloemulator_x86/bsp/initnetwork.sh b/brilloemulator_x86/bsp/initnetwork.sh index 4c6be60..73831f8 100644 --- a/brilloemulator_x86/bsp/initnetwork.sh +++ b/brilloemulator_x86/bsp/initnetwork.sh @@ -2,6 +2,6 @@ # Set up networking when boot starts. ifconfig eth0 10.0.2.15 netmask 255.255.255.0 up -route add default gw 10.0.2.2 +ip route add default via 10.0.2.2 # Open up port 5555 for adb. iptables -I INPUT -p tcp --dport 5555 -j ACCEPT -w diff --git a/brilloemulator_x86_64/bsp/initnetwork.sh b/brilloemulator_x86_64/bsp/initnetwork.sh index 4c6be60..73831f8 100644 --- a/brilloemulator_x86_64/bsp/initnetwork.sh +++ b/brilloemulator_x86_64/bsp/initnetwork.sh @@ -2,6 +2,6 @@ # Set up networking when boot starts. ifconfig eth0 10.0.2.15 netmask 255.255.255.0 up -route add default gw 10.0.2.2 +ip route add default via 10.0.2.2 # Open up port 5555 for adb. iptables -I INPUT -p tcp --dport 5555 -j ACCEPT -w diff --git a/sepolicy/brillo_setup.te b/sepolicy/brillo_setup.te index 0218bf1..3846ba8 100644 --- a/sepolicy/brillo_setup.te +++ b/sepolicy/brillo_setup.te @@ -8,6 +8,7 @@ net_domain(brillo_setup) # Inherit open file to shell (interpreter) for script. allow brillo_setup shell_exec:file read; +allow brillo_setup shell_exec:file getattr; # Configure interfaces, routes and firewall rules. allow brillo_setup self:capability { net_admin net_raw }; |