device_google_wahoo/sepolicy/cnd.te
Max Bires 3669fffc1f Adding allows to fix following denials during run/boot time
denied { write } for pid=808 comm="cnd" name="property_service"
dev="tmpfs" ino=19844 scontext=u:r:cnd:s0
tcontext=u:object_r:property_socket:s0 tclass=sock_file

denied { connectto } for pid=808 comm="cnd"
path="/dev/socket/property_service" scontext=u:r:cnd:s0
tcontext=u:r:init:s0 tclass=unix_stream_socket

denied { set } for property=persist.sys.cnd.iwlan pid=808 uid=1000
gid=1000 scontext=u:r:cnd:s0 tcontext=u:object_r:system_prop:s0
tclass=property_service

denied { sendto } for pid=808 comm="cnd" path="/dev/socket/wpa_wlan0"
scontext=u:r:cnd:s0 tcontext=u:r:hal_wifi_supplicant_default:s0
tclass=unix_dgram_socket

denied { connectto } for pid=687 comm="android.hardwar"
path=0062745F736F636B scontext=u:r:hal_bluetooth_default:s0
tcontext=u:r:wcnss_filter:s0 tclass=unix_stream_socket

denied { getattr } for pid=688 comm="android.hardwar"
path="/dev/block/sdb1" dev="tmpfs" ino=21693
scontext=u:r:hal_bootctl_default:s0 tcontext=u:object_r:block_device:s0
tclass=blk_file

denied { read } for pid=688 comm="android.hardwar" name="by-name"
dev="tmpfs" ino=19833 scontext=u:r:hal_bootctl_default:s0
tcontext=u:object_r:block_device:s0 tclass=dir

denied { sendto } for pid=4906 comm="wpa_supplicant"
path="/data/misc/wifi/sockets/wpa_ctrl_808-2"
scontext=u:r:hal_wifi_supplicant_default:s0 tcontext=u:r:cnd:s0
tclass=unix_dgram_socket

denied { connectto } for pid=1071 comm="imsdatadaemon"
path="/dev/socket/netmgr/netmgr_connect_socket" scontext=u:r:ims:s0
tcontext=u:r:netmgrd:s0 tclass=unix_stream_socket

denied { open getattr } for pid=7689 comm="Thread-2"
path="/dev/__properties__/u:object_r:ramdump_prop:s0" dev="tmpfs"
ino=20494 scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:ramdump_prop:s0 tclass=file

denied { write } for pid=3588 comm="IFMsg_Rxr" name="rild_ims0"
dev="tmpfs" ino=30159 scontext=u:r:radio:s0
tcontext=u:object_r:qmuxd_socket:s0 tclass=sock_file

denied { read open } for pid=672 comm="ramdump" name="fstab" dev="sysfs"
ino=16483 scontext=u:r:ramdump:s0 tcontext=u:object_r:sysfs:s0
tclass=dir

denied { read open getattr } for pid=672 comm="ramdump" name="cmdline"
dev="proc" ino=4026532068 scontext=u:r:ramdump:s0
tcontext=u:object_r:proc:s0 tclass=file

denied { connectto } for pid=3249 comm="Thread-4"
path="/dev/socket/netmgr/netmgr_connect_socket"
scontext=u:r:system_server:s0 tcontext=u:r:netmgrd:s0
tclass=unix_stream_socket

denied { call transfer } for pid=3148 comm="Thread-4"
scontext=u:r:system_server:s0 tcontext=u:r:per_mgr:s0 tclass=binder

denied { write } for pid=3249 comm="Thread-4"
name="netmgr_connect_socket" dev="tmpfs" ino=25191
scontext=u:r:system_server:s0 tcontext=u:object_r:netmgrd_socket:s0
tclass=sock_file

denied { read write open } for pid=3337 comm="wcnss_filter"
name="ttyHS0" dev="tmpfs" ino=21812 scontext=u:r:wcnss_filter:s0
tcontext=u:object_r:device:s0 tclass=chr_file

denied { getattr } for pid=826 comm="cnss-daemon"
path="/proc/sys/net/ipv4/tcp_adv_win_scale" dev="proc" ino=106652
scontext=u:r:wcnss_service:s0 tcontext=u:object_r:proc_net:s0
tclass=file

denied { ioctl } for pid=7237 comm="ifconfig" path="socket:[108096]"
dev="sockfs" ino=108096 ioctlcmd=8914 scontext=u:r:wcnss_service:s0
tcontext=u:r:wcnss_service:s0 tclass=udp_socket

Bug: 34784662
Test: The above denials are no longer present
Change-Id: I1adafb8205c8d2a662921b42af9b580bc1d63bb8
2017-04-03 00:23:03 +00:00


# SELinux domain for the cnd daemon; cnd_exec labels its executable.
type cnd, domain;
type cnd_exec, exec_type, file_type;
# Sockets cnd creates under socket_device are automatically labelled cnd_socket.
file_type_auto_trans(cnd, socket_device, cnd_socket);
# Privilege-changing capabilities, granted on self only. NOTE(review): presumably
# used to switch uid/gid at startup — confirm against the daemon and drop any of
# the four that it does not actually exercise.
allow cnd self:capability { chown fsetid setgid setuid };
# UDP sockets; the ioctl permission is whitelisted to SIOCGIFMTU via allowxperm
# rather than granted for every ioctl command.
allow cnd self:udp_socket create_socket_perms;
allowxperm cnd self:udp_socket ioctl SIOCGIFMTU;
# TODO(b/36712542): Remove this once cnd stops accessing data
# outside /data/vendor.
typeattribute cnd coredata_in_vendor_violators;
# Lets cnd create socket files inside wpa_socket directories; this likely
# covers the wpa_ctrl_<pid>-* control socket under /data/misc/wifi/sockets
# seen in the commit message (pid 808 is cnd there). The search permission on
# wifi_data_file is what makes that directory reachable — confirm no wider
# wifi_data_file access is needed.
allow cnd wpa_socket:dir w_dir_perms;
allow cnd wpa_socket:sock_file create_file_perms;
allow cnd wifi_data_file:dir search;
# Read-only visibility into sysfs SoC nodes, /proc/meminfo and the msm
# subsystem sysfs tree; no write rules on any of these.
allow cnd sysfs_soc:dir search;
allow cnd sysfs_soc:file r_file_perms;
allow cnd proc_meminfo:file r_file_perms;
r_dir_file(cnd, sysfs_msm_subsys)
# Property writes are confined to cnd_prop instead of system_prop. The
# persist.sys.cnd.iwlan denial in the commit message shows that property
# labelled system_prop, so presumably it was moved to cnd_prop in
# property_contexts (not shown here) — confirm, since set_prop on system_prop
# would be a much broader grant.
set_prop(cnd, cnd_prop)
# Generic (self) sockets with the ioctl set restricted to msm_sock_ipc_ioctls.
allow cnd self:socket create_socket_perms;
allowxperm cnd self:socket ioctl msm_sock_ipc_ioctls;
# Launched by init; exec of cnd_exec transitions from init into the cnd domain.
init_daemon_domain(cnd)
# TODO(b/36613996): Remove this once system_app no longer communicates over sockets with cnd
typeattribute cnd socket_between_core_and_vendor_violators;