Skip to content
Snippets Groups Projects
Commit 006260e5 authored by Nick Kralevich's avatar Nick Kralevich Committed by Gerrit Code Review
Browse files

Merge "Confine hostapd, but leave it permissive for now."

parents 2b939e8c 945fb567
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 19 additions and 3 deletions
hostapd.te
+ 19
3
View file @ 006260e5
# userspace wifi access points
type hostapd, domain;
permissive hostapd;
type hostapd_exec, exec_type, file_type;
init_daemon_domain(hostapd)
net_domain(hostapd)
unconfined_domain(hostapd)
allow hostapd self:capability { net_admin net_raw setuid setgid };
allow hostapd self:netlink_socket create_socket_perms;
allow hostapd self:packet_socket { create write read };
allow hostapd self:netlink_route_socket { bind create write nlmsg_write read };
allow hostapd self:udp_socket { create ioctl };
allow hostapd wifi_data_file:file rw_file_perms;
allow hostapd wifi_data_file:dir create_dir_perms;
allow hostapd wifi_data_file:sock_file { create setattr write unlink };
allow hostapd netd:fd use;
allow hostapd netd:udp_socket { read write };
allow hostapd netd:netlink_kobject_uevent_socket { read write };
allow hostapd netd:netlink_nflog_socket { read write };
allow hostapd netd:netlink_route_socket { read write };
allow hostapd netd:unix_stream_socket { read write };
allow hostapd netd:fifo_file { read write };
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment