Added some allows to netmgrd.te

Added allows to address the following denials. More to follow.

denied { ioctl } for pid=747 comm="netmgrd" path="socket:[27886]"
dev="sockfs" ino=27886 ioctlcmd=8946 scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=udp_socket

denied { ioctl } for pid=1295 comm="ifconfig" path="socket:[27883]"
dev="sockfs" ino=27883 ioctlcmd=8914 scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=udp_socket

denied { ioctl } for pid=747 comm="netmgrd" path="socket:[27292]"
dev="sockfs" ino=27292 ioctlcmd=89f8 scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=udp_socket

denied { ioctl } for pid=747 comm="netmgrd" path="socket:[27290]"
dev="sockfs" ino=27290 ioctlcmd=89f2 scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=udp_socket

denied { ioctl } for pid=747 comm="netmgrd" path="socket:[27868]"
dev="sockfs" ino=27868 ioctlcmd=89fd scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=udp_socket

denied { getattr } for pid=1295 comm="ifconfig"
path="/system/bin/toybox" dev="sda20" ino=509 scontext=u:r:netmgrd:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file

denied { execute_no_trans } for pid=1295 comm="netmgrd"
path="/system/bin/toybox" dev="sda20" ino=509 scontext=u:r:netmgrd:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file

denied { read open } for pid=1295 comm="netmgrd"
path="/system/bin/toybox" dev="sda20" ino=509 scontext=u:r:netmgrd:s0
tcontext=u:object_r:toolbox_exec:s0 tclass=file

denied { execute } for pid=1295 comm="netmgrd" name="toybox" dev="sda20"
ino=509 scontext=u:r:netmgrd:s0 tcontext=u:object_r:toolbox_exec:s0
tclass=file

denied { read } for pid=1293 comm="netmgrd" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=socket

denied { write } for pid=747 comm="netmgrd" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=socket

denied { create } for pid=747 comm="netmgrd" scontext=u:r:netmgrd:s0
tcontext=u:r:netmgrd:s0 tclass=socket

Bug: 34784662
Test: The above denials are no longer present during boot
Change-Id: I7b32552f96f2ee1cb79d8e4415823992d2d957da
Max Bires
2017-02-10 13:20:41 -08:00
parent e81ff5b975
commit f432d5d39b


@@ -4,6 +4,11 @@ type netmgrd_exec, exec_type, file_type;
net_domain(netmgrd)
init_daemon_domain(netmgrd)
allow netmgrd self:socket create_socket_perms_no_ioctl;
allowxperm netmgrd self:udp_socket ioctl priv_sock_ioctls;
allow netmgrd toolbox_exec:file rx_file_perms;
userdebug_or_eng(`
permissive netmgrd;
')
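Review bot: The `allow netmgrd toolbox_exec:file rx_file_perms;` line grants more than the denials it answers: the logged execute_no_trans on /system/bin/toybox means the child stays in the netmgrd domain, and rx_file_perms lets netmgrd run any toybox applet, not just the ifconfig seen in the audit lines. A comment on that line should record why the daemon shells out and which applet, e.g. `# netmgrd forks toybox (ifconfig) to configure interfaces; no domain transition, so it runs as netmgrd`, so the rule is not later widened or forgotten. The three denied ioctl commands 89f2, 89f8 and 89fd fall in the 0x89F0–0x89FF SIOCDEVPRIVATE range, so it is worth confirming that `priv_sock_ioctls` actually enumerates those device-private numbers rather than relying on the denial disappearing only on userdebug builds, where the `permissive netmgrd;` block below already masks enforcement. The rendered view appears to have dropped the hunk's blank lines (the header counts 11 new lines, 8 are shown), so the exact placement of the new rules relative to the macro block is inferred.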