sepolicy: add sepolicy binder support for wificond
This allows wificond to publish binder interface using
service manager.
Denial warnings:
wificond: type=1400 audit(0.0:8): avc:
denied { call } for scontext=u:r:wificond:s0
tcontext=u:r:servicemanager:s0 tclass=binder permissive=1
wificond: type=1400 audit(0.0:9): avc:
denied { transfer } for scontext=u:r:wificond:s0
tcontext=u:r:servicemanager:s0 tclass=binder permissive=1
servicemanager: type=1400
audit(0.0:10): avc: denied { search } for name="6085" dev="proc"
ino=40626 scontext=u:r:servicemanager:s0 tcontext=u:r:wificond:s0
tclass=dir permissive=1
servicemanager: type=1400
audit(0.0:11): avc: denied { read } for name="current" dev="proc"
ino=40641 scontext=u:r:servicemanager:s0 tcontext=u:r:wificond:s0
tclass=file permissive=1
servicemanager: type=1400
audit(0.0:12): avc: denied { open } for path="/proc/6085/attr/current"
dev="proc" ino=40641 scontext=u:r:servicemanager:s0
tcontext=u:r:wificond:s0 tclass=file permissive=1
servicemanager: type=1400
audit(0.0:13): avc: denied { getattr } for
scontext=u:r:servicemanager:s0 tcontext=u:r:wificond:s0 tclass=process
permissive=1
SELinux : avc: denied { add } for
service=wificond pid=6085 uid=0 scontext=u:r:wificond:s0
tcontext=u:object_r:wifi_service:s0 tclass=service_manager permissive=1
BUG=28867093
TEST=compile
TEST=use a client to call wificond service through binder
Change-Id: I9312892caff171f17b04c30a415c07036b39ea7f
(cherry picked from commit d56bcb1c54
)
This commit is contained in:
parent
3cbf14a183
commit
b83c8cb139
@ -118,4 +118,5 @@ type webviewupdate_service, app_api_service, system_server_service, service_mana
|
||||
type wifip2p_service, app_api_service, system_server_service, service_manager_type;
|
||||
type wifiscanner_service, system_api_service, system_server_service, service_manager_type;
|
||||
type wifi_service, app_api_service, system_server_service, service_manager_type;
|
||||
type wificond_service, system_server_service, service_manager_type;
|
||||
type window_service, system_api_service, system_server_service, service_manager_type;
|
||||
|
@ -143,5 +143,6 @@ webviewupdate u:object_r:webviewupdate_service:s0
|
||||
wifip2p u:object_r:wifip2p_service:s0
|
||||
wifiscanner u:object_r:wifiscanner_service:s0
|
||||
wifi u:object_r:wifi_service:s0
|
||||
wificond u:object_r:wificond_service:s0
|
||||
window u:object_r:window_service:s0
|
||||
* u:object_r:default_android_service:s0
|
||||
|
@ -3,3 +3,8 @@ type wificond, domain;
|
||||
type wificond_exec, exec_type, file_type;
|
||||
|
||||
init_daemon_domain(wificond)
|
||||
|
||||
binder_use(wificond)
|
||||
binder_call(wificond, system_server)
|
||||
|
||||
allow wificond wificond_service:service_manager { add find };
|
||||
|
Loading…
Reference in New Issue
Block a user