Add SELinux configuration for new DHCP programs
Add the dhcpclient and dhcpserver binary files to the makefile and
file_contexts and give them the appropriate SELinux permissions to run.
BUG: 74514143
Test: Build emulator image and manually verify WiFi functionality
Change-Id: Ia472ef4c86c9b6ba967c0fc7443db607aed1e485
(cherry picked from commit 917bda2587d219e35404a298c05a7179519815c1)
(cherry picked from commit 87b9f937113801b50612863cb13e6391cc1f3105)
(cherry picked from commit 760a19890ac99144f6b143015c36e7aaa3797c73)
diff --git a/target/board/generic/sepolicy/dhcpclient.te b/target/board/generic/sepolicy/dhcpclient.te
new file mode 100644
index 0000000..9c5833f
--- /dev/null
+++ b/target/board/generic/sepolicy/dhcpclient.te
@@ -0,0 +1,16 @@
+# DHCP client
+type dhcpclient, domain, domain_deprecated;
+type dhcpclient_exec, exec_type, file_type;
+
+init_daemon_domain(dhcpclient)
+net_domain(dhcpclient)
+
+allow dhcpclient execns:fd use;
+
+set_prop(dhcpclient, net_eth0_prop);
+allow dhcpclient self:capability { net_admin net_raw };
+allow dhcpclient self:packet_socket { create bind ioctl read write };
+allow dhcpclient self:udp_socket { ioctl create };
+allow dhcpclient self:netlink_route_socket { write nlmsg_write };
+allow dhcpclient varrun_file:dir search;
+
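Review bot: `type dhcpclient, domain, domain_deprecated;` attaches a brand-new domain to the legacy `domain_deprecated` attribute, which as far as I know exists only to carry broad permissions for older domains that have not been audited yet. A new daemon that also holds `net_admin` and `net_raw` should start from `type dhcpclient, domain;` and add only the rules that testing shows are denied. The same applies to `type dhcpserver, domain, domain_deprecated;` in dhcpserver.te. Separately, `allow dhcpclient self:udp_socket { ioctl create };` probably overlaps with what `net_domain(dhcpclient)` already grants, so check whether it can be dropped.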
diff --git a/target/board/generic/sepolicy/dhcpserver.te b/target/board/generic/sepolicy/dhcpserver.te
new file mode 100644
index 0000000..742bfb8
--- /dev/null
+++ b/target/board/generic/sepolicy/dhcpserver.te
@@ -0,0 +1,12 @@
+# DHCP server
+type dhcpserver, domain, domain_deprecated;
+type dhcpserver_exec, exec_type, file_type;
+
+init_daemon_domain(dhcpserver)
+net_domain(dhcpserver)
+
+allow dhcpserver execns:fd use;
+
+get_prop(dhcpserver, net_eth0_prop);
+allow dhcpserver self:udp_socket { ioctl create setopt bind };
+allow dhcpserver self:capability { net_raw net_bind_service };
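Review bot: `allow dhcpserver self:capability { net_raw net_bind_service };` grants `net_raw`, but this file adds no explicit packet_socket or rawip_socket rule, only `udp_socket`, so the reason for the capability is not visible here. If it is needed only to bind the server socket to an interface, a comment such as `# net_raw: needed for SO_BINDTODEVICE on the server socket` would record that. If it is not needed, drop it and keep `net_bind_service`, which is presumably there for the DHCP server port.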
diff --git a/target/board/generic/sepolicy/execns.te b/target/board/generic/sepolicy/execns.te
index af8fd88..9f3af4e 100644
--- a/target/board/generic/sepolicy/execns.te
+++ b/target/board/generic/sepolicy/execns.te
@@ -10,6 +10,12 @@
#Allow execns itself to be run by init in its own domain
domain_auto_trans(init, execns_exec, execns);
+# Allow dhcpclient to be run by execns in its own domain
+domain_auto_trans(execns, dhcpclient_exec, dhcpclient);
+
+# Allow dhcpserver to be run by execns in its own domain
+domain_auto_trans(execns, dhcpserver_exec, dhcpserver);
+
# Allow hostapd to be run by execns in its own domain
domain_auto_trans(execns, hostapd_exec, hostapd);
allow hostapd execns:fd use;
diff --git a/target/board/generic/sepolicy/file_contexts b/target/board/generic/sepolicy/file_contexts
index 86d7dd5..cc54517 100644
--- a/target/board/generic/sepolicy/file_contexts
+++ b/target/board/generic/sepolicy/file_contexts
@@ -20,6 +20,8 @@
/vendor/bin/qemu-props u:object_r:qemu_props_exec:s0
/system/bin/execns u:object_r:execns_exec:s0
/system/bin/ipv6proxy u:object_r:ipv6proxy_exec:s0
+/system/bin/dhcpclient u:object_r:dhcpclient_exec:s0
+/system/bin/dhcpserver u:object_r:dhcpserver_exec:s0
/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine u:object_r:hal_drm_widevine_exec:s0
diff --git a/target/board/generic/sepolicy/property.te b/target/board/generic/sepolicy/property.te
index 56e02ef..8c7c892 100644
--- a/target/board/generic/sepolicy/property.te
+++ b/target/board/generic/sepolicy/property.te
@@ -1,3 +1,4 @@
type qemu_prop, property_type;
type qemu_cmdline, property_type;
type radio_noril_prop, property_type;
+type net_eth0_prop, property_type;
diff --git a/target/board/generic/sepolicy/property_contexts b/target/board/generic/sepolicy/property_contexts
index 3a61b6b..c5a2bc1 100644
--- a/target/board/generic/sepolicy/property_contexts
+++ b/target/board/generic/sepolicy/property_contexts
@@ -3,3 +3,4 @@
ro.emu. u:object_r:qemu_prop:s0
ro.emulator. u:object_r:qemu_prop:s0
ro.radio.noril u:object_r:radio_noril_prop:s0
+net.eth0. u:object_r:net_eth0_prop:s0
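Review bot: The prefix entry `net.eth0.` moves every property under that prefix to `net_eth0_prop`, while the only access granted in this change is `set_prop` for dhcpclient and `get_prop` for dhcpserver. Any other domain on this board that reads or sets a `net.eth0.*` property under its previous label would now be denied. That cannot be seen from this hunk, so check the audit log of a full emulator boot for it. A comment above the entry such as `# net.eth0.*: written by dhcpclient, read by dhcpserver` would document the intended owner.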
diff --git a/target/product/emulator.mk b/target/product/emulator.mk
index 10eb4c8..9d42987 100644
--- a/target/product/emulator.mk
+++ b/target/product/emulator.mk
@@ -118,6 +118,8 @@
# WiFi
PRODUCT_PACKAGES += \
+ dhcpclient \
+ dhcpserver \
execns \
hostapd \
ip \