author | Nick Kralevich <nnk@google.com> | 2015-08-25 23:39:25 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2015-08-25 23:39:25 +0000 |
commit | ef4ee0e178619b678dde9f5f3aa05d40c7e66209 (patch) | |
tree | cbda877a1c614ca3ebf78aba905e9facaaa67af6 | |
parent | 04a6a9b558bffd44d9d94005952940c680f304f9 (diff) | |
parent | 74c97c70caa4140ce22b9b9c44e6948164bdcdc1 (diff) | |
download | flo-ef4ee0e178619b678dde9f5f3aa05d40c7e66209.tar.gz |
am 74c97c70: Merge "Only allow toolbox exec where /system exec was already allowed."
* commit '74c97c70caa4140ce22b9b9c44e6948164bdcdc1':
Only allow toolbox exec where /system exec was already allowed.
-rw-r--r-- | sepolicy/bluetooth_loader.te | 1 | ||||
-rw-r--r-- | sepolicy/conn_init.te | 1 | ||||
-rw-r--r-- | sepolicy/kickstart.te | 1 | ||||
-rw-r--r-- | sepolicy/netmgrd.te | 4 |
4 files changed, 7 insertions, 0 deletions
diff --git a/sepolicy/bluetooth_loader.te b/sepolicy/bluetooth_loader.te
index 928b26a..5c06225 100644
--- a/sepolicy/bluetooth_loader.te
+++ b/sepolicy/bluetooth_loader.te
@@ -26,3 +26,4 @@ set_prop(bluetooth_loader, bluetooth_prop)
 # Allow getprop/setprop for init.flo.bt.sh
 allow bluetooth_loader system_file:file execute_no_trans;
+allow bluetooth_loader toolbox_exec:file rx_file_perms;
diff --git a/sepolicy/conn_init.te b/sepolicy/conn_init.te
index da693f2..76fd70d 100644
--- a/sepolicy/conn_init.te
+++ b/sepolicy/conn_init.te
@@ -20,3 +20,4 @@ allow conn_init wlan_device:chr_file rw_file_perms;
 # init.flo.wifi.sh runs toolbox
 allow conn_init system_file:file execute_no_trans;
+allow conn_init toolbox_exec:file rx_file_perms;
diff --git a/sepolicy/kickstart.te b/sepolicy/kickstart.te
index 6ddc78a..e194211 100644
--- a/sepolicy/kickstart.te
+++ b/sepolicy/kickstart.te
@@ -33,6 +33,7 @@ allow kickstart radio_efs_file:file r_file_perms;
 # Run dd from toolbox on firmware files
 allow kickstart shell_exec:file rx_file_perms;
 allow kickstart system_file:file execute_no_trans;
+allow kickstart toolbox_exec:file rx_file_perms;
 # Wake lock access
 wakelock_use(kickstart)
diff --git a/sepolicy/netmgrd.te b/sepolicy/netmgrd.te
index c10e509..1434f6b 100644
--- a/sepolicy/netmgrd.te
+++ b/sepolicy/netmgrd.te
@@ -27,6 +27,10 @@ allow netmgrd shell_exec:file rx_file_perms;
 # Runs /system/bin/ip addr flush dev <device> commands.
 allow netmgrd system_file:file rx_file_perms;
+# XXX Run toolbox. Might not be needed.
+allow netmgrd toolbox_exec:file rx_file_perms;
+auditallow netmgrd toolbox_exec:file rx_file_perms;
+
 allow netmgrd proc_net:file r_file_perms;
 allow netmgrd proc_net:dir r_dir_perms; |
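Review bot: The new `allow bluetooth_loader toolbox_exec:file rx_file_perms;` line has no comment of its own saying which toolbox command init.flo.bt.sh needs, and the same is true of the added lines in conn_init.te and kickstart.te. Because `rx_file_perms` includes `execute_no_trans`, toolbox runs inside the calling domain with every permission that domain holds, so each grant should be traceable to a concrete caller. I would put a line such as `# init.flo.bt.sh runs getprop/setprop from toolbox` above the rule (wording to be confirmed against the script, which is not visible here). Unlike the netmgrd.te hunk, these three rules carry no `auditallow`, so nothing will show whether they are ever exercised; a temporary `auditallow bluetooth_loader toolbox_exec:file execute_no_trans;` would answer that.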
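Review bot: The `# XXX Run toolbox. Might not be needed.` comment in netmgrd.te does not say how the question gets resolved, so the speculative grant is likely to stay in the policy. I would spell out the exit condition, e.g. `# XXX Run toolbox. Remove both rules if no "avc: granted" records for netmgrd on toolbox_exec appear in testing.` The `auditallow` also covers all of `rx_file_perms`, which presumably logs reads and getattr as well as execution; narrowing it to `auditallow netmgrd toolbox_exec:file execute_no_trans;` would log only the event that decides whether the allow rule is needed.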