Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
M
meta-qti-sepolicy
Manage
Activity
Members
Plan
Wiki
Code
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Deploy
Releases
Package Registry
Container Registry
Model registry
Operate
Terraform modules
Analyze
Contributor analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
CodeLinaro
le
meta-qti-sepolicy
Commits
3e7fa1c6
Commit
3e7fa1c6
authored
4 years ago
by
Ashish Dhiman
Browse files
Options
Downloads
Patches
Plain Diff
add policies for xtwifi client and xtwifi-inet-agent.
CRs-Fixed: 2808623 Change-Id: If3c39fe37ce6a09aaaa89916a8eae634d933e42b
parent
68be2ea8
No related branches found
No related tags found
No related merge requests found
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
recipes-security/sepolicy/common/device/location.te
+18
-3
18 additions, 3 deletions
recipes-security/sepolicy/common/device/location.te
with
18 additions
and
3 deletions
recipes-security/sepolicy/common/device/location.te
+
18
−
3
View file @
3e7fa1c6
...
...
@@ -213,6 +213,13 @@ allow xtwifi_agent_t proc_t:file read_file_perms;
data_filetrans(xtwifi_agent_t, loc_data_t, { file dir })
manage_user_data_files(xtwifi_agent_t, loc_data_t)
corenet_tcp_connect_http_port(xtwifi_agent_t)
allow xtwifi_agent_t net_conf_t:file { read getattr open };
allow xtwifi_agent_t self:netlink_route_socket { write getattr read bind create nlmsg_read };
allow xtwifi_agent_t self:tcp_socket { write getattr setopt read getopt create connect };
kernel_read_vm_overcommit_sysctl(xtwifi_agent_t)
allow xtwifi_agent_t sysctl_vm_t:dir search;
read_files_pattern(xtwifi_agent_t, systemd_resolved_var_run_t, systemd_resolved_var_run_t);
### xtwifi_client
...
...
@@ -230,7 +237,18 @@ files_read_loc_etc_files(xtwifi_client_t)
dev_read_sysfs(xtwifi_client_t)
leprop_rw_props(xtwifi_client_t)
gen_require(`
type unreserved_port_t;
type rfs_persist_t;
')
allow xtwifi_client_t rfs_persist_t:file { write getattr open };
allow xtwifi_client_t self:{ socket unix_dgram_socket } create_socket_perms;
allow xtwifi_client_t loc_socket_t:dir { remove_name add_name };
allow xtwifi_client_t loc_socket_t:sock_file { create unlink };
kernel_read_vm_overcommit_sysctl(xtwifi_client_t)
allow xtwifi_client_t sysctl_vm_t:dir search;
data_filetrans(xtwifi_client_t, loc_data_t, { file dir })
manage_user_data_files(xtwifi_client_t, loc_data_t)
...
...
@@ -239,9 +257,6 @@ dev_read_urand(xtwifi_client_t)
### engine-service
type engine_service_t;
type engine_service_exec_t;
gen_require(`
type unreserved_port_t;
')
init_vendor_domain(engine_service_t, engine_service_exec_t)
# Launched by loc_launcher instead of init
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
