author | Matthew Maurer <mmaurer@google.com> | 2019-01-15 13:56:41 -0800 |
---|---|---|
committer | Matthew Maurer <mmaurer@google.com> | 2019-01-16 15:46:28 -0800 |
commit | fd68d47acd6dd251c27f52d22b078c21ba64d960 (patch) | |
tree | 966f2f6b8990d208ee56c53a8f6507a4d7c8b9ae /sepolicy | |
parent | a8c9e875ba447bfc09ab1c760edafd78caab7f27 (diff) | |
download | trusty-fd68d47acd6dd251c27f52d22b078c21ba64d960.tar.gz |
Add trusty emulator target
Create an android target suitable for running tests against via adb +
trusty qemu
Test: 'lunch qemu_trusty_arm64-userdebug; make'
Change-Id: I2e6d99bd83ff1d4b55051420a8a14704b86a1e0b
Diffstat (limited to 'sepolicy')
-rw-r--r-- | sepolicy/dhcpclient.te | 18 | ||||
-rw-r--r-- | sepolicy/file.te | 1 | ||||
-rw-r--r-- | sepolicy/file_contexts | 3 | ||||
-rw-r--r-- | sepolicy/trusty_test.te | 3 |
4 files changed, 25 insertions, 0 deletions
diff --git a/sepolicy/dhcpclient.te b/sepolicy/dhcpclient.te
new file mode 100644
index 0000000..7aeb2f4
--- /dev/null
+++ b/sepolicy/dhcpclient.te
@@ -0,0 +1,18 @@
+# DHCP client
+type dhcpclient, domain;
+type dhcpclient_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(dhcpclient)
+net_domain(dhcpclient)
+
+dontaudit dhcpclient kernel:system module_request;
+allow dhcpclient self:capability { net_admin net_raw };
+allow dhcpclient self:udp_socket create;
+allow dhcpclient self:netlink_route_socket { write nlmsg_write };
+allow dhcpclient varrun_file:dir search;
+allow dhcpclient self:packet_socket { create bind write read };
+allowxperm dhcpclient self:udp_socket ioctl { SIOCSIFFLAGS
+ SIOCSIFADDR
+ SIOCSIFNETMASK
+ SIOCSIFMTU
+ SIOCGIFHWADDR };
diff --git a/sepolicy/file.te b/sepolicy/file.te
new file mode 100644
index 0000000..b3bd582
--- /dev/null
+++ b/sepolicy/file.te
@@ -0,0 +1 @@
+type varrun_file, file_type, data_file_type, mlstrustedobject;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
new file mode 100644
index 0000000..6e7e8c6
--- /dev/null
+++ b/sepolicy/file_contexts
@@ -0,0 +1,3 @@
+/dev/trusty-ipc-dev0 u:object_r:trusty_ipc_device:s0
+/vendor/bin/dhcpclient u:object_r:dhcpclient_exec:s0
+/data/vendor/var/run(/.*)? u:object_r:varrun_file:s0
diff --git a/sepolicy/trusty_test.te b/sepolicy/trusty_test.te
new file mode 100644
index 0000000..08d347a
--- /dev/null
+++ b/sepolicy/trusty_test.te
@@ -0,0 +1,3 @@
+type trusty_ipc_device, dev_type;
+
+allow shell trusty_ipc_device:chr_file { open read write ioctl };
 |
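Review bot: The rules in dhcpclient.te grant `net_admin`, `net_raw` and a raw `packet_socket` with no comment saying what each is for, and `dontaudit dhcpclient kernel:system module_request;` hides the denial that would show the daemon triggering a kernel module autoload. I would add a line above the capability rule such as `# net_admin: set interface flags/address/netmask/MTU (see ioctl list); net_raw: packet socket for DHCP frames`, which is what the ioctl whitelist and the packet_socket rule suggest but should be confirmed by the author. The dontaudit deserves its own comment naming which module request is being silenced, so that a later reviewer can tell an expected denial from a new one.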
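Review bot: `mlstrustedobject` on `varrun_file` exempts everything labelled under /data/vendor/var/run from the MLS constraints, yet the only rule in this commit that touches the type is `allow dhcpclient varrun_file:dir search;`. Unless a domain running at a different level or category has to reach this directory (nothing visible here does), I would declare it as `type varrun_file, file_type, data_file_type;` and add the attribute back only together with a comment naming the consumer that needs it.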
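Review bot: The `allow shell trusty_ipc_device:chr_file { open read write ioctl };` rule in trusty_test.te is unconditional, so any build that picks up this sepolicy directory gives the adb shell domain direct access to the Trusty IPC device, including `user` builds. The commit message only tests `qemu_trusty_arm64-userdebug`, so wrapping the rule in the `userdebug_or_eng()` macro would match the stated intent. The `ioctl` permission is also granted without an `allowxperm` whitelist, unlike the udp_socket ioctls in dhcpclient.te in this same commit; listing the ioctl commands the tests actually issue would keep the rest of the driver's ioctl surface closed to shell.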