author | Robert Craig <rpcraig@tycho.ncsc.mil> | 2013-12-11 16:15:05 -0500 |
---|---|---|
committer | rpcraig <rpcraig@tycho.ncsc.mil> | 2013-12-11 16:23:11 -0500 |
commit | a84f78c756ba02f93ef65016ae2e0159e0191161 (patch) | |
tree | 72703f35327953538d92764ed8967c3ff3922ddd /sepolicy | |
parent | 319a55749d307ba1d423486d85828b07eb54f0b6 (diff) | |
Address new netmgrd data connectivity denials.
Patch fixes the following denials seen when trying
to use data service on the phone.
denied { create } for pid=5042 comm="netmgrd" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=packet_socket
denied { bind } for pid=5042 comm="netmgrd" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=packet_socket
denied { write } for pid=5042 comm="netmgrd" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=packet_socket
denied { read } for pid=5042 comm="netmgrd" path="socket:[17231]" dev="sockfs" ino=17231 scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=packet_socket
denied { write } for pid=541 comm="netmgrd" name="property_service" dev="tmpfs" ino=6583 scontext=u:r:netmgrd:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file
denied { set } for property=net.rmnet_usb0.dns1 scontext=u:r:netmgrd:s0 tcontext=u:object_r:system_prop:s0 tclass=property_service
denied { nlmsg_read } for pid=6365 comm="ip" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=netlink_route_socket
denied { nlmsg_write } for pid=6365 comm="ip" scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=netlink_route_socket
Change-Id: Iee4bb5b4f3c9d17419ebf69f2764151ec7979249
Diffstat (limited to 'sepolicy')
-rw-r--r-- | sepolicy/netmgrd.te | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/sepolicy/netmgrd.te b/sepolicy/netmgrd.te
index dc63a8a..52bbc70 100644
--- a/sepolicy/netmgrd.te
+++ b/sepolicy/netmgrd.te
@@ -13,7 +13,12 @@ dontaudit netmgrd self:capability sys_module;
 
 allow netmgrd self:udp_socket { create ioctl };
 allow netmgrd self:netlink_socket create_socket_perms;
-allow netmgrd self:netlink_route_socket create_socket_perms;
+allow netmgrd self:netlink_route_socket { create_socket_perms nlmsg_read nlmsg_write };
+allow netmgrd self:packet_socket create_socket_perms;
+
+# set net.rmnet* properties.
+unix_socket_connect(netmgrd, property, init)
+allow netmgrd system_prop:property_service set;
 
 # Talk to qmuxd (qmux_radio)
 qmux_socket(netmgrd)
|
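Review bot: `allow netmgrd system_prop:property_service set;` lets netmgrd set every property labelled system_prop, while the comment above it and the logged denial (net.rmnet_usb0.dns1) concern only the net.rmnet* names. The denial suggests those names currently fall through to the generic system_prop label; a narrower fix would label the prefix with a dedicated or radio-specific property type in property_contexts (for example `net.rmnet_usb u:object_r:<narrower_prop_type>:s0`, with the type a placeholder) and grant `set` on that type only. The packet_socket denials in the description list only create, bind, read and write, so `create_socket_perms` grants more than was observed; if the macro stays, a comment on that line such as `# raw packet socket needed for <reason>` would help later policy audits.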