Commit d49f7e6e authored by rpcraig's avatar rpcraig

Add ppp/mtp policy.

Initial policy for Point-to-Point tunneling and
tunneling manager services.
parent 171a0625
...@@ -38,6 +38,7 @@ ...@@ -38,6 +38,7 @@
/dev/mtd/mtd5ro u:object_r:radio_device:s0 /dev/mtd/mtd5ro u:object_r:radio_device:s0
/dev/mtp_usb u:object_r:mtp_device:s0 /dev/mtp_usb u:object_r:mtp_device:s0
/dev/pn544 u:object_r:nfc_device:s0 /dev/pn544 u:object_r:nfc_device:s0
/dev/ppp u:object_r:ppp_device:s0
/dev/ptmx u:object_r:ptmx_device:s0 /dev/ptmx u:object_r:ptmx_device:s0
/dev/pvrsrvkm u:object_r:powervr_device:s0 /dev/pvrsrvkm u:object_r:powervr_device:s0
/dev/qemu_.* u:object_r:qemu_device:s0 /dev/qemu_.* u:object_r:qemu_device:s0
...@@ -103,6 +104,9 @@ ...@@ -103,6 +104,9 @@
/system/bin/qemud u:object_r:qemud_exec:s0 /system/bin/qemud u:object_r:qemud_exec:s0
/system/bin/sdcard u:object_r:sdcardd_exec:s0 /system/bin/sdcard u:object_r:sdcardd_exec:s0
/system/bin/dhcpcd u:object_r:dhcp_exec:s0 /system/bin/dhcpcd u:object_r:dhcp_exec:s0
/system/bin/mtpd u:object_r:mtp_exec:s0
/system/bin/pppd u:object_r:ppp_exec:s0
/system/etc/ppp(/.*)? u:object_r:ppp_system_file:s0
/system/etc/dhcpcd(/.*)? u:object_r:dhcp_system_file:s0 /system/etc/dhcpcd(/.*)? u:object_r:dhcp_system_file:s0
/system/xbin/su u:object_r:su_exec:s0 /system/xbin/su u:object_r:su_exec:s0
/system/vendor/bin/gpsd u:object_r:gpsd_exec:s0 /system/vendor/bin/gpsd u:object_r:gpsd_exec:s0
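Review bot: The new `/system/bin/mtpd u:object_r:mtp_exec:s0` entry in the second hunk shares its `mtp` prefix with the existing `/dev/mtp_usb u:object_r:mtp_device:s0` entry visible in the first hunk, although the commit message describes mtpd as a tunneling manager and the device entry looks unrelated to it. A rule written against the wrong one of the two would grant access to an unintended object, so the distinction should be stated where the labels are assigned. I would add a comment above the mtpd line, `# mtpd: VPN tunnel manager; not related to mtp_device (/dev/mtp_usb)`. The file header for this section is not visible on the page, so which file these entries belong to is inferred from their format.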
......
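--- /dev/null
+++ b/mtp.te
+# vpn tunneling protocol manager
+type mtp, domain;
+type mtp_exec, exec_type, file_type;
+init_daemon_domain(mtp)
+# pptp policy
+allow mtp self:tcp_socket { create setopt connect write read };
+allow mtp self:socket { create connect };
+allow mtp self:rawip_socket create;
+allow mtp self:capability net_raw;
+allow mtp ppp:process signal;
+allow mtp port:tcp_socket name_connect;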
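Review bot: `allow mtp port:tcp_socket name_connect;` on the last line lets the mtp domain open outbound TCP connections to every port that carries the generic `port` type, which is wider than the single control connection the `# pptp policy` comment suggests. If the policy has, or can gain, a dedicated type for the tunnel's control port, the rule should name that type instead. Otherwise a comment should record why the generic type is accepted, for example `# VPN server port is not fixed, so no narrower port type applies`, if that is the reason. The `self:socket`, `self:rawip_socket` and `net_raw` lines would also benefit from one comment each saying which tunnel transport needs them.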
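--- /dev/null
+++ b/ppp.te
+# Point to Point Protocol daemon
+type ppp, domain;
+type ppp_device, dev_type;
+type ppp_exec, exec_type, file_type;
+type ppp_system_file, file_type;
+domain_auto_trans(mtp, ppp_exec, ppp)
+allow ppp mtp:socket { read write ioctl };
+allow ppp ppp_device:chr_file rw_file_perms;
+allow ppp self:capability net_admin;
+allow ppp self:udp_socket { create ioctl };
+allow ppp ppp_system_file:dir search;
+allow ppp ppp_system_file:file rx_file_perms;
+allow ppp vpn_data_file:dir w_dir_perms;
+allow ppp vpn_data_file:file create_file_perms;
+allow ppp mtp:fd use;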
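Review bot: `allow ppp ppp_system_file:file rx_file_perms;` gives execute as well as read on everything labelled under `/system/etc/ppp(/.*)?`, and no transition is declared for those files, so anything run from that tree presumably stays in the ppp domain with `net_admin` and write access to `vpn_data_file`. If only configuration is read from there, `r_file_perms` would be enough. If hook scripts are meant to run, say so in a comment such as `# pppd runs its hook scripts from /system/etc/ppp in its own domain`. The file has only its header comment, so the `mtp:socket` and `mtp:fd use` rules would also be easier to audit with a line noting that pppd apparently works on a socket handed over by mtpd.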
...@@ -206,3 +206,6 @@ allow system gps_control:file rw_file_perms; ...@@ -206,3 +206,6 @@ allow system gps_control:file rw_file_perms;
allow system appdomain:udp_socket { read write }; allow system appdomain:udp_socket { read write };
# Allow abstract socket connection # Allow abstract socket connection
allow system rild:unix_stream_socket connectto; allow system rild:unix_stream_socket connectto;
# connect to vpn tunnel
allow system mtp:unix_stream_socket { connectto };
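Review bot: `allow system mtp:unix_stream_socket { connectto };` covers only the connect step; unlike the rild rule above it, which is commented as an abstract socket, nothing here says what kind of socket mtpd listens on. If it is a filesystem socket, the system domain also needs write access to the socket file's type. That rule is not in this hunk, so either confirm it exists elsewhere or state in the comment that the socket is abstract. The braces around a single permission also differ from the rild line; `allow system mtp:unix_stream_socket connectto;` matches the surrounding style.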