Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / sepolicy / 96ff4c053a238e04373fcc1f11d769418e8ce238^! / .
commit96ff4c053a238e04373fcc1f11d769418e8ce238[log] [tgz]
authorStephen Smalley <sds@tycho.nsa.gov>Mon Feb 24 13:04:49 2014 -0500
committerStephen Smalley <sds@tycho.nsa.gov>Tue Feb 25 16:23:12 2014 +0000
tree8449b35727c57cddf0c2671cae2a9196b943f5cb
parentd107abd1ba4758db1f6d3c427ba69382007b31ff [diff]
Add a domain for mdnsd and allow connecting to it.

Change-Id: I0a06fa32a46e515671b4e9a6f68e1a3f8b2c21a8
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

diff --git a/file.te b/file.te
index 61c9be5..dc0b0c6 100644
--- a/file.te
+++ b/file.te

@@ -116,6 +116,7 @@
 type logdr_socket, file_type;
 type logdw_socket, file_type;
 type mdns_socket, file_type;
+type mdnsd_socket, file_type;
 type netd_socket, file_type;
 type property_socket, file_type;
 type qemud_socket, file_type;

diff --git a/file_contexts b/file_contexts
index 81698d1..4b0ae8a 100644
--- a/file_contexts
+++ b/file_contexts

@@ -86,6 +86,7 @@
 /dev/socket/logdr	u:object_r:logdr_socket:s0
 /dev/socket/logdw	u:object_r:logdw_socket:s0
 /dev/socket/mdns	u:object_r:mdns_socket:s0
+/dev/socket/mdnsd	u:object_r:mdnsd_socket:s0
 /dev/socket/netd	u:object_r:netd_socket:s0
 /dev/socket/property_service	u:object_r:property_socket:s0
 /dev/socket/qemud	u:object_r:qemud_socket:s0
@@ -130,6 +131,7 @@
 /system/bin/netd	u:object_r:netd_exec:s0
 /system/bin/rild	u:object_r:rild_exec:s0
 /system/bin/mediaserver	u:object_r:mediaserver_exec:s0
+/system/bin/mdnsd	u:object_r:mdnsd_exec:s0
 /system/bin/installd	u:object_r:installd_exec:s0
 /system/bin/keystore	u:object_r:keystore_exec:s0
 /system/bin/debuggerd	u:object_r:debuggerd_exec:s0

diff --git a/mdnsd.te b/mdnsd.te
new file mode 100644
index 0000000..cfcf873
--- /dev/null
+++ b/mdnsd.te

@@ -0,0 +1,7 @@
+# mdns daemon
+type mdnsd, domain;
+permissive_or_unconfined(mdnsd)
+type mdnsd_exec, exec_type, file_type;
+
+init_daemon_domain(mdnsd)
+net_domain(mdnsd)

diff --git a/net.te b/net.te
index b10cecd..32b9fb7 100644
--- a/net.te
+++ b/net.te

@@ -16,3 +16,6 @@
 
 # Talks to netd via dnsproxyd socket.
 unix_socket_connect(netdomain, dnsproxyd, netd)
+
+# Connect to mdnsd via mdnsd socket.
+unix_socket_connect(netdomain, mdnsd, mdnsd)

diff --git a/netd.te b/netd.te
index fb54bde..b8d26f9 100644
--- a/netd.te
+++ b/netd.te

@@ -61,7 +61,6 @@
 # Support netd running mdnsd
 # TODO: prune this back further
 allow netd ctl_default_prop:property_service set;
-allow netd device:sock_file write;
 
 ###
 ### Neverallow rules