non_plat: Label and address stroke binary denials

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com> Change-Id: I65a085ae9023f9788f780f28246b5297d1682c6e
2021-01-18 19:00:40 +05:30 · 2021-01-18 19:00:40 +05:30 · 84ae870bb8
commit 84ae870bb8
parent 3525f7a751
3 changed files with 4 additions and 0 deletions
--- a/non_plat/epdg_wod.te
+++ b/non_plat/epdg_wod.te
@ -3,6 +3,8 @@ type epdg_wod_exec, exec_type, file_type, vendor_file_type;

 init_daemon_domain(epdg_wod)

+domain_auto_trans(epdg_wod, stroke_exec, ipsec)
+
 allow epdg_wod self:tun_socket { create relabelfrom relabelto };
 allow epdg_wod self:netlink_route_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
 allow epdg_wod self:netlink_xfrm_socket { read write create getattr bind setopt nlmsg_write };
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@ -719,6 +719,7 @@
 /dev/socket/volte_imsvt1(/.*)?         u:object_r:volte_imsvt1_socket:s0
 /(system\/vendor|vendor)/bin/bip         u:object_r:bip_exec:s0
 /(system\/vendor|vendor)/bin/epdg_wod           u:object_r:epdg_wod_exec:s0
+/(system\/vendor|vendor)/bin/stroke		u:object_r:stroke_exec:s0
 /(system\/vendor|vendor)/bin/volte_imsm_93              u:object_r:volte_imsm_93_exec:s0
 /(system\/vendor|vendor)/bin/volte_md_status            u:object_r:volte_md_status_exec:s0
 /(system\/vendor|vendor)/bin/volte_ua           u:object_r:volte_ua_exec:s0
--- a/non_plat/stroke_exec.te
+++ b/non_plat/stroke_exec.te
@ -0,0 +1 @@
+type stroke_exec, file_type, exec_type, vendor_file_type;
				`@ -0,0 +1 @@`
				`type stroke_exec, file_type, exec_type, vendor_file_type;`