author | Robert Craig <rpcraig@tycho.ncsc.mil> | 2014-03-06 09:57:39 -0500 |
---|---|---|
committer | Robert Craig <rpcraig@tycho.ncsc.mil> | 2014-03-06 09:58:54 -0500 |
commit | 7d74efb6558dd0d1eb60f93488f9ffb384a3a259 (patch) | |
tree | a24630c2f8ea6207dd026986366a7f0752b5351e /sepolicy | |
parent | 0e3be7597988f505109a5f3df92984718b520e6a (diff) | |
download | mako-7d74efb6558dd0d1eb60f93488f9ffb384a3a259.tar.gz |
SELinux: Allow hostapd to read wifi data files under /persist.
Addresses the following denials:
avc: denied { search } for pid=9143 comm="hostapd" name="wifi" dev="mmcblk0p16" ino=12 scontext=u:r:hostapd:s0 tcontext=u:object_r:persist_wifi_file:s0 tclass=dir
avc: denied { getattr } for pid=9143 comm="hostapd" path="/persist/wifi/.macaddr" dev="mmcblk0p16" ino=19 scontext=u:r:hostapd:s0 tcontext=u:object_r:persist_wifi_file:s0 tclass=file
avc: denied { read } for pid=9143 comm="hostapd" name=".macaddr" dev="mmcblk0p16" ino=19 scontext=u:r:hostapd:s0 tcontext=u:object_r:persist_wifi_file:s0 tclass=file
avc: denied { open } for pid=9143 comm="hostapd" name=".macaddr" dev="mmcblk0p16" ino=19 scontext=u:r:hostapd:s0 tcontext=u:object_r:persist_wifi_file:s0 tclass=file
Change-Id: I5d84b3eb7a7d1dada1fa74f111aa6140acb921b6
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Diffstat (limited to 'sepolicy')
-rw-r--r-- | sepolicy/hostapd.te | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sepolicy/hostapd.te b/sepolicy/hostapd.te new file mode 100644 index 0000000..f7a4b92 --- /dev/null +++ b/sepolicy/hostapd.te @@ -0,0 +1,3 @@ +# Reading from /persist/wifi/.macaddr +allow hostapd persist_file:dir r_dir_perms; +r_dir_file(hostapd, persist_wifi_file) |
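Review bot: the first added rule, `allow hostapd persist_file:dir r_dir_perms;`, grants more than the denials in the commit message justify. All four listed denials have tcontext `persist_wifi_file`, and none targets `persist_file`. If the rule exists only so hostapd can traverse the parent directory to reach /persist/wifi, `search` is sufficient, for example `allow hostapd persist_file:dir search;`, because `r_dir_perms` also permits opening and reading (listing) that directory. On the last added line, `r_dir_file(hostapd, persist_wifi_file)` gives hostapd read access to every file and directory of that type, while the comment names only /persist/wifi/.macaddr. Either say in the comment that the grant is type-wide, or explain in the commit message why that scope is acceptable.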