Evolution-x-devices/device_google_wahoo
2
0
Fork 0
mirror of https://github.com/Evolution-X-Devices/device_google_wahoo synced 2026-01-30 13:28:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Mark vendor components that access core data types

Browse Source 
Grant these components a temporary exemption to a neverallow rule
asserting vendor processes may not access core data types outside
/data/vendor.

Bug: 34980020
Test: Build and boot Muskie.
Change-Id: I1e536fb7c09a3a2907d06db8304279551a6de81e
This commit is contained in:
Jeff Vander Stoep
2017-03-28 13:13:11 -07:00
parent 626d542203
commit 5182fda3a2
4 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
sepolicy/init_radio.te
View File

@@ -7,6 +7,10 @@ init_daemon_domain(init_radio)
allow init_radio shell_exec:file r_file_perms;
allow init_radio toolbox_exec:file rx_file_perms;
# TODO(b/36663092): Remove once init_radio no longer accesses data
# outside /data/vendor. Also, the label cannot be radio_data_file since
# that belongs to the radio app.
typeattribute init_radio coredata_in_vendor_violators;
allow init_radio radio_data_file:dir create_dir_perms;
allow init_radio radio_data_file:file create_file_perms;

4
sepolicy/netmgrd.te
View File

@@ -30,6 +30,10 @@ r_dir_file(netmgrd, sysfs_msm_subsys)
wakelock_use(netmgrd)
allow netmgrd proc_net:file rw_file_perms;
# TODO(b/36663482): Remove coredata_in_vendor_violators once
# netmgrd no longer directly accesses /data outside
# /data/vendor.
typeattribute netmgrd coredata_in_vendor_violators;
allow netmgrd net_data_file:dir r_dir_perms;
allow netmgrd net_data_file:file r_file_perms;
allow netmgrd netmgr_data_file:dir rw_dir_perms;

5
sepolicy/nfc_hal_pn54x.te
View File

@@ -19,7 +19,10 @@ set_prop(nfc_hal_pn54x, nfc_prop)
# NFC device access.
allow nfc_hal_pn54x nfc_device:chr_file rw_file_perms;
# Data file accesses.
# TODO(b/36686703): Remove once nfc_hal_pn54x is no longer accesses data
# outside /data/vendor. Also, the label cannot be nfc_data_file since
# that belongs to the nfc app.
typeattribute nfc_hal_pn54x coredata_in_vendor_violators;
allow nfc_hal_pn54x nfc_data_file:dir create_dir_perms;
allow nfc_hal_pn54x nfc_data_file:notdevfile_class_set create_file_perms;

4
sepolicy/wcnss_service.te
View File

@@ -19,6 +19,10 @@ allowxperm wcnss_service self:socket ioctl msm_sock_ipc_ioctls;
allow wcnss_service self:netlink_generic_socket create_socket_perms_no_ioctl;
allow wcnss_service self:netlink_socket create_socket_perms_no_ioctl;
# TODO(b/36683225): Remove this once wcnss_service stops accessing data
# outside /data/vendor.
typeattribute wcnss_service coredata_in_vendor_violators;
allow wcnss_service wifi_data_file:dir rw_dir_perms;
allow wcnss_service wifi_data_file:file create_file_perms;