PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

grant appdomain rw perms to tun_device am: 2b935cd78d

Browse Source 
am: 43412f6514

* commit '43412f6514a97572622e009e13f76a61c9d5f987':
  grant appdomain rw perms to tun_device
This commit is contained in:
Jeff Vander Stoep 2016-01-08 23:37:31 +00:00 committed by android-build-merger
commit 02863a7ca7
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app.te
View File

@ -225,6 +225,10 @@ selinux_check_context(appdomain)
auditallow { appdomain userdebug_or_eng(`-su') } sysfs:dir { open getattr read ioctl }; auditallow { appdomain userdebug_or_eng(`-su') } sysfs:dir { open getattr read ioctl };
auditallow { appdomain userdebug_or_eng(`-su') } sysfs:file r_file_perms; auditallow { appdomain userdebug_or_eng(`-su') } sysfs:file r_file_perms;
# Apps receive an open tun fd from the framework for
# device traffic. Do not allow untrusted app to directly open tun_device
allow { appdomain -isolated_app } tun_device:chr_file { read write getattr ioctl append };
### ###
### Neverallow rules ### Neverallow rules
### ###

4
untrusted_app.te
View File

@ -29,10 +29,6 @@ bluetooth_domain(untrusted_app)
# to their sandbox directory and then execute. # to their sandbox directory and then execute.
allow untrusted_app app_data_file:file { rx_file_perms execmod }; allow untrusted_app app_data_file:file { rx_file_perms execmod };
# Third party vpn apps receive an open tun fd from the framework for
# device traffic. Do not allow untrusted app to directly open tun_device
allow untrusted_app tun_device:chr_file { read write getattr ioctl append };
# ASEC # ASEC
allow untrusted_app asec_apk_file:file r_file_perms; allow untrusted_app asec_apk_file:file r_file_perms;
# Execute libs in asec containers. # Execute libs in asec containers.