mirror of
https://github.com/Evolution-X-Devices/device_google_wahoo
synced 2026-02-01 07:50:47 +00:00
ead208b3b3
Grant cnd a temporary exemption to a neverallow rule asserting vendor processes may not access core data types outside /data/vendor. Bug: 34980020 Bug: 36712542 Test: Muskie builds Change-Id: I68baee81282343b5627b012ff39d2f038fb99054
32 lines
953 B
Plaintext
32 lines
953 B
Plaintext
type cnd, domain;
|
|
type cnd_exec, exec_type, file_type;
|
|
|
|
file_type_auto_trans(cnd, socket_device, cnd_socket);
|
|
|
|
allow cnd self:capability { chown fsetid setgid setuid };
|
|
|
|
allow cnd self:udp_socket create_socket_perms;
|
|
allowxperm cnd self:udp_socket ioctl SIOCGIFMTU;
|
|
|
|
# TODO(b/36712542): Remove this once cnd stops accessing data
|
|
# outside /data/vendor.
|
|
typeattribute cnd coredata_in_vendor_violators;
|
|
allow cnd wpa_socket:dir w_dir_perms;
|
|
allow cnd wpa_socket:sock_file create_file_perms;
|
|
allow cnd wifi_data_file:dir search;
|
|
|
|
allow cnd sysfs_soc:dir search;
|
|
allow cnd sysfs_soc:file r_file_perms;
|
|
|
|
allow cnd proc_meminfo:file r_file_perms;
|
|
|
|
r_dir_file(cnd, sysfs_msm_subsys)
|
|
|
|
allow cnd self:socket create_socket_perms;
|
|
allowxperm cnd self:socket ioctl msm_sock_ipc_ioctls;
|
|
|
|
init_daemon_domain(cnd)
|
|
|
|
# TODO(b/36613996): Remove this once system_app no longer communicates over sockets with cnd
|
|
typeattribute cnd socket_between_core_and_vendor_violators;
|