Evolution-x-devices/device_google_wahoo
2
0
Fork 0
mirror of https://github.com/Evolution-X-Devices/device_google_wahoo synced 2026-02-01 03:40:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge "Annotate violators of "no sockets between core and vendor" rule"

Browse Source
This commit is contained in:
TreeHugger Robot
2017-03-28 00:04:53 +00:00
committed by Android (Google) Code Review
parent 23a96c7cb2 6b6e6bc3f4
commit 626d542203
4 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
sepolicy/cnd.te
View File

@@ -13,3 +13,6 @@ allow cnd self:socket create_socket_perms;
allowxperm cnd self:socket ioctl IPC_ROUTER_IOCTL_LOOKUP_SERVER;
init_daemon_domain(cnd)
# TODO(b/36613996): Remove this once system_app no longer communicates over sockets with cnd
typeattribute cnd socket_between_core_and_vendor_violators;

8
sepolicy/location.te
View File

@@ -30,3 +30,11 @@ r_dir_file(location, sysfs_type)
userdebug_or_eng(`
permissive location;
')
# TODO(b/34274385): Remove this once Wi-Fi HAL is guaranteed to not be run in passthrough mode
# What's going on here is that Wi-Fi HAL is talking over sockets to location daemon, which is
# permitted. However, those rules target hal_wifi rather than hal_wifi_server and thus are also
# granted to all clients of these HALs (e.g., system_server) which are core components, and
# socket communications between system components and vendor components are not permted.
# Once we switch full Treble devices to binderized only mode, this issue will disappear.
typeattribute location socket_between_core_and_vendor_violators;

4
sepolicy/rild.te
View File

@@ -11,3 +11,7 @@ unix_socket_connect(rild, netmgrd, netmgrd)
allow rild self:socket ioctl;
allowxperm rild self:socket ioctl msm_sock_ipc_ioctls;
# TODO(b/36613472): Remove this once system_server, mediaserver, radio, and bluetooth no longer
# communicate with rild over sockets.
typeattribute rild socket_between_core_and_vendor_violators;

9
sepolicy/wcnss_filter.te
View File

@@ -9,3 +9,12 @@ set_prop(wcnss_filter, bluetooth_prop)
userdebug_or_eng(`
permissive wcnss_filter;
')
# TODO(b/34274385): Remove this once Bluetooh HAL is guaranteed to not be run in passthrough mode
# What's going on here is that Bluetooth HAL is talking over sockets to wcnss_filter, which is
# permitted. However, those rules target hal_bluetooth rather than hal_bluetooth_server and thus
# are also granted to all clients of Bluetooth HAL (e.g., bluetooth daemon) which are core
# components, and socket communications between system components and vendor components are not
# permted.
# Once we switch full Treble devices to binderized only mode, this issue will disappear.
typeattribute wcnss_filter socket_between_core_and_vendor_violators;