PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Exempt tetheroffload hal from network socket restrictions

Browse Source 
The tetheroffload hal must be able to use network sockets as part of
its job.

Bug: 62870833
Test: neverallow-only change builds.
Change-Id: I630b36340796a5ecb5db08e732b0978dd82835c7
This commit is contained in:
Jeff Vander Stoep 2017-06-21 12:46:21 -07:00
parent 3692b3189e
commit d75a2c0cc8
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
public/hal_neverallows.te
View File

@ -8,10 +8,11 @@ neverallow {
-rild -rild
} self:capability { net_admin net_raw }; } self:capability { net_admin net_raw };
# Unless a HAL's job is to manage network hardware, it should not be # Unless a HAL's job is to communicate over the network, or control network
# using network sockets. # hardware, it should not be using network sockets.
neverallow { neverallow {
halserverdomain halserverdomain
-hal_tetheroffload_server
-hal_wifi_server -hal_wifi_server
-hal_wifi_supplicant_server -hal_wifi_supplicant_server
-rild -rild