Aayush Gupta 92f5e50812 non_plat: Allow epdg_wod rw perms to ccci_device
Denial observed without this change:
[   12.751534] .(4)[396:logd.auditd]type=1400 audit(1610975739.088:638): avc: denied { open } for comm="epdg_wod" path="/dev/ccci_woa" dev="tmpfs" ino=12969 scontext=u:r:epdg_wod:s0 tcontext=u:object_r:ccci_device:s0 tclass=chr_file permissive=1

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I67030c6bd86b5e71442b36c0ee8064d83b5b31ba
2021-01-18 21:44:41 +05:30


# SELinux policy for the epdg_wod vendor daemon domain.
# Declares the domain and its executable type, then grants the socket,
# device-node, signal and property permissions listed below.

# Domain type and the attributes it joins. mtkimsmddomain is defined
# elsewhere in the policy; whatever rules are attached to that attribute
# also apply to this domain.
type epdg_wod, domain, netdomain, mtkimsmddomain;
# Label for the daemon binary, marked as a vendor executable.
type epdg_wod_exec, exec_type, file_type, vendor_file_type;
# init transitions into epdg_wod when it executes a file labelled epdg_wod_exec.
init_daemon_domain(epdg_wod)
# Executing a file labelled stroke_exec from epdg_wod moves the new process
# into the ipsec domain.
domain_auto_trans(epdg_wod, stroke_exec, ipsec)

# Sockets the domain may create and use on its own behalf.
allow epdg_wod self:tun_socket { create relabelfrom relabelto };
allow epdg_wod self:netlink_route_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
# nlmsg_write on the xfrm netlink socket permits changing kernel IPsec state.
allow epdg_wod self:netlink_xfrm_socket { read write create getattr bind setopt nlmsg_write };
# NOTE(review): ioctl is granted here without a visible allowxperm rule
# narrowing the command set — confirm which ioctls are reachable.
allow epdg_wod self:udp_socket { ioctl create };
allow epdg_wod self:rawip_socket { create getopt setopt };

# Capabilities: kill (signal processes owned by other users), net_admin and
# net_raw (network configuration and raw sockets).
allow epdg_wod self:capability { kill net_admin net_raw };

# Read/write access to the tun and ccci character devices.
# NOTE(review): the audit log in the commit that added ccci_device shows only
# an { open } denial, recorded with permissive=1; rw_file_perms grants the
# full read/write set. Confirm that write access is actually required.
allow epdg_wod { tun_device ccci_device }:chr_file rw_file_perms;

# Write to the property service and netd sockets, and connect to init's
# stream socket.
allow epdg_wod { property_socket netd_socket }:sock_file write;
allow epdg_wod init:unix_stream_socket connectto;

# Signal delivery to the kernel and system_server domains.
# NOTE(review): together with the kill capability above this lets the daemon
# signal privileged processes — confirm each target is needed and whether
# signull alone would be enough.
allow epdg_wod kernel:process signal;
allow epdg_wod system_server:process { signull signal };

# Add entries to, and create symlinks in, directories labelled with the
# generic "device" type.
# NOTE(review): these rules target the generic type rather than a dedicated
# label, so they apply to every directory carrying it (presumably /dev —
# confirm). A dedicated type for the created link would narrow the grant.
allow epdg_wod device:dir { write add_name };
allow epdg_wod device:lnk_file create;

# Permission to set properties labelled mtk_wod_prop and persist_wod_prop.
set_prop(epdg_wod, mtk_wod_prop)
set_prop(epdg_wod, persist_wod_prop)