101db9756d
06-24 16:58:55.724 9519 9519 I lowi-server: type=1400 audit(0.0:1980):
avc: denied { read write } for path="socket:[69473]" dev="sockfs" ino=69473
scontext=u:r:lowi_server:s0 tcontext=u:r:vendor_location:s0
tclass=unix_dgram_socket permissive=1
Bug: 235281415
Test: avc error is gone
Change-Id: I93615b98c08f6e6e5c3cc182bddcff30e452e103
36 lines
1.4 KiB
Plaintext
36 lines
1.4 KiB
Plaintext
# lowi_server service
|
|
# which launches various other services supporting Wifi-RTT (LOWI) vendor_location
|
|
type lowi_server, domain;
|
|
type lowi_server_exec, exec_type, vendor_file_type, file_type;
|
|
|
|
hwbinder_use(lowi_server)
|
|
allow lowi_server self:udp_socket create_socket_perms;
|
|
allow lowi_server self:netlink_route_socket create_socket_perms_no_ioctl;
|
|
|
|
## lowi-server
|
|
##############
|
|
allow lowi_server vendor_location:fd use;
|
|
allow lowi_server vendor_location:unix_dgram_socket {sendto read write};
|
|
|
|
# some additional network access
|
|
allow lowi_server self:netlink_generic_socket create_socket_perms_no_ioctl;
|
|
allowxperm lowi_server self:udp_socket ioctl lowi_server_ioctls;
|
|
|
|
# /data/vendor/wifi
|
|
allow lowi_server vendor_wifi_vendor_data_file:dir rw_dir_perms;
|
|
|
|
# /data/vendor/wifi/wpa
|
|
allow lowi_server wpa_data_file:dir rw_dir_perms;
|
|
allow lowi_server wpa_data_file:sock_file create_file_perms;
|
|
allow lowi_server hal_wifi_supplicant_default:unix_dgram_socket sendto;
|
|
|
|
# /dev/socket/wifihal
|
|
allow lowi_server vendor_wifihal_socket:dir rw_dir_perms;
|
|
allow lowi_server vendor_wifihal_socket:sock_file create_file_perms;
|
|
allow lowi_server vendor_wifihal_socket:unix_dgram_socket sendto;
|
|
unix_socket_send(lowi_server, vendor_wifihal, hal_wifi_ext);
|
|
|
|
# /dev/socket/vendor_location
|
|
allow lowi_server vendor_location_socket:{sock_file lnk_file} create_file_perms;
|
|
allow lowi_server vendor_location_socket:dir rw_dir_perms;
|