author | Star Chang <starchang@google.com> | 2022-06-29 02:07:32 +0000 |
---|---|---|
committer | Star Chang <starchang@google.com> | 2022-06-30 12:04:10 +0000 |
commit | 128a674db9514a6420b2b703a4edc65aad2b5c06 (patch) | |
tree | 2b24414e5b3cdcd4d484096e2b078033882e6b68 | |
parent | 000f5f721f7d009a0e1470914a97a5eed54d1d0c (diff) | |
download | pixel-sepolicy-128a674db9514a6420b2b703a4edc65aad2b5c06.tar.gz |
wifi_sniffer: add tcpdump related sepolicy
Bug: 237465412
Test: wifi_sniffer is workable
Ignore-AOSP-First: internal review from here first
Change-Id: I308c2cc32d0a2726daeb2271fca95ebf49babd35
-rw-r--r-- | wifi_sniffer/property_contexts | 3 | ||||
-rw-r--r-- | wifi_sniffer/wifi_sniffer.te | 14 |
2 files changed, 14 insertions, 3 deletions
diff --git a/wifi_sniffer/property_contexts b/wifi_sniffer/property_contexts
index 19f7e76..cb55d65 100644
--- a/wifi_sniffer/property_contexts
+++ b/wifi_sniffer/property_contexts
@@ -1,3 +1,2 @@
-persist.vendor.wifi.sniffer.freq u:object_r:vendor_wifi_sniffer_prop:s0
-persist.vendor.wifi.sniffer.bandwidth u:object_r:vendor_wifi_sniffer_prop:s0
+persist.vendor.wifi.sniffer. u:object_r:vendor_wifi_sniffer_prop:s0
 vendor.wifi.sniffer.start u:object_r:vendor_wifi_sniffer_prop:s0
diff --git a/wifi_sniffer/wifi_sniffer.te b/wifi_sniffer/wifi_sniffer.te
index 3c9ad62..977d6da 100644
--- a/wifi_sniffer/wifi_sniffer.te
+++ b/wifi_sniffer/wifi_sniffer.te
@@ -12,7 +12,19 @@ userdebug_or_eng(`
 # interface up
 allowxperm wifi_sniffer self:udp_socket ioctl SIOCSIFFLAGS;
- allow wifi_sniffer self:netlink_generic_socket create_socket_perms_no_ioctl;
+ allow wifi_sniffer self:netlink_generic_socket create_socket_perms;
+ allowxperm wifi_sniffer self:netlink_generic_socket ioctl { 0x8910 0x8946 };
+
+# tcpdump
+ allow wifi_sniffer self:packet_socket create_socket_perms;
+ allowxperm wifi_sniffer self:packet_socket ioctl { 0x8933 0x8927 };
+ allow wifi_sniffer self:unix_dgram_socket ioctl;
+ allowxperm wifi_sniffer self:unix_dgram_socket ioctl 0x8946;
+ allow wifi_sniffer sysfs_net:dir search;
+ allow wifi_sniffer sysfs_net:file r_file_perms;
+ allow wifi_sniffer tcpdump_exec:file rx_file_perms;
+ allow wifi_sniffer wifi_logging_data_file:file create_file_perms;
+ allow wifi_sniffer wifi_logging_data_file:dir create_dir_perms;
 get_prop(wifi_sniffer, vendor_wifi_sniffer_prop)
 ') |
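Review bot: In wifi_sniffer/property_contexts the new `persist.vendor.wifi.sniffer.` entry is a prefix match, so every key under that namespace, including any added later, now takes `vendor_wifi_sniffer_prop` instead of only `freq` and `bandwidth`. Nothing in the commit says which additional properties are needed. Either list the new keys explicitly alongside the two that were removed, or add a comment above the entry such as `# prefix match: all persist.vendor.wifi.sniffer.* keys share this label` so the widening is visibly intentional.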
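Review bot: The added `allowxperm` rules in wifi_sniffer/wifi_sniffer.te allowlist ioctls by raw number (`{ 0x8910 0x8946 }`, `{ 0x8933 0x8927 }`, `0x8946`), while the context line just above uses the named `SIOCSIFFLAGS`; raw numbers make the granted surface harder to audit. If I read them correctly against linux/sockios.h they are SIOCGIFNAME, SIOCETHTOOL, SIOCGIFINDEX and SIOCGIFHWADDR, so for example `allowxperm wifi_sniffer self:packet_socket ioctl { SIOCGIFINDEX SIOCGIFHWADDR };` would state the intent directly. Separately, `wifi_logging_data_file:dir create_dir_perms` lets the domain create and remove directories; if captures are only written as files into an existing directory, `rw_dir_perms` is the narrower grant. The enclosing `userdebug_or_eng` block opens outside this hunk, so the build-type gating is assumed from the hunk header.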