non_plat: Label epdg_wod and grant required permissions

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com> Change-Id: I87460bad635dd0e7dbbb8790457f5d23f8a87a97
2021-01-02 13:37:40 +05:30 · 2021-01-02 13:37:40 +05:30 · 965100d2a9
commit 965100d2a9
parent c7b5ec1463
4 changed files with 29 additions and 0 deletions
--- a/non_plat/epdg_wod.te
+++ b/non_plat/epdg_wod.te
@ -0,0 +1,24 @@
+type epdg_wod, domain, netdomain, mtkimsmddomain;
+type epdg_wod_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(epdg_wod)
+
+allow epdg_wod self:tun_socket { create relabelfrom relabelto };
+allow epdg_wod self:netlink_route_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
+allow epdg_wod self:netlink_xfrm_socket { read write create getattr bind setopt nlmsg_write };
+allow epdg_wod self:udp_socket { ioctl create };
+allow epdg_wod self:rawip_socket { create getopt setopt };
+allow epdg_wod self:capability { kill net_admin net_raw };
+
+allow epdg_wod tun_device:chr_file rw_file_perms;
+allow epdg_wod { property_socket netd_socket }:sock_file write;
+allow epdg_wod init:unix_stream_socket connectto;
+
+allow epdg_wod kernel:process signal;
+allow epdg_wod system_server:process { signull signal };
+
+allow epdg_wod device:dir { write add_name };
+allow epdg_wod device:lnk_file create;
+
+set_prop(epdg_wod, mtk_wod_prop)
+set_prop(epdg_wod, persist_wod_prop)
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@ -715,6 +715,7 @@
 /dev/socket/volte_ua(/.*)?             u:object_r:volte_ua_socket:s0
 /dev/socket/volte_imcb(/.*)?           u:object_r:volte_imcb_socket:s0
 /(system\/vendor|vendor)/bin/bip         u:object_r:bip_exec:s0
+/(system\/vendor|vendor)/bin/epdg_wod           u:object_r:epdg_wod_exec:s0
 /(system\/vendor|vendor)/bin/volte_imsm_93              u:object_r:volte_imsm_93_exec:s0
 /(system\/vendor|vendor)/bin/volte_md_status            u:object_r:volte_md_status_exec:s0
 /(system\/vendor|vendor)/bin/volte_ua           u:object_r:volte_ua_exec:s0
--- a/non_plat/property.te
+++ b/non_plat/property.te
@ -340,3 +340,5 @@ type mtk_network_prop, property_type, mtk_core_property_type;
 type mtk_md_status_prop, property_type;
 type ctl_volte_ua_prop, property_type;
 type ctl_volte_imcb_prop, property_type;
+type mtk_wod_prop, property_type, mtk_core_property_type;
+type persist_wod_prop, property_type, mtk_core_property_type;
--- a/non_plat/property_contexts
+++ b/non_plat/property_contexts
@ -380,3 +380,5 @@ vendor.volte_md_status         u:object_r:mtk_md_status_prop:s0
 vendor.ril.volte.              u:object_r:mtk_volte_prop:s0
 ctl.vendor.volte_ua            u:object_r:ctl_volte_ua_prop:s0
 ctl.vendor.volte_imcb          u:object_r:ctl_volte_imcb_prop:s0
+vendor.wo.   u:object_r:mtk_wod_prop:s0
+persist.vendor.wo.   u:object_r:persist_wod_prop:s0