Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_system_sepolicy / 17859404f6a1030488a657c4c406a7b83ea9957c
commit17859404f6a1030488a657c4c406a7b83ea9957c[log] [tgz]
authorStephen Smalley <sds@tycho.nsa.gov>Fri Mar 07 14:46:38 2014 -0500
committerStephen Smalley <sds@tycho.nsa.gov>Fri Mar 07 14:46:38 2014 -0500
tree32a8229973562470634a02962f935076c9ca63bb
parentd9d9d2f4170b96a674c8222287bbe4cddfc8de3a [diff]
Address dnsmasq denials.

Address dnsmasq denials such as:

 avc:  denied  { use } for  pid=9145 comm="dnsmasq" path="pipe:[29234]" dev="pipefs" ino=29234 scontext=u:r:dnsmasq:s0 tcontext=u:r:netd:s0 tclass=fd
 avc:  denied  { read } for  pid=9145 comm="dnsmasq" path="pipe:[29234]" dev="pipefs" ino=29234 scontext=u:r:dnsmasq:s0 tcontext=u:r:netd:s0 tclass=fifo_file
 avc:  denied  { read write } for  pid=9145 comm="dnsmasq" path="socket:[7860]" dev="sockfs" ino=7860 scontext=u:r:dnsmasq:s0 tcontext=u:r:netd:s0 tclass=netlink_kobject_uevent_socket
 avc:  denied  { read write } for  pid=9145 comm="dnsmasq" path="socket:[8221]" dev="sockfs" ino=8221 scontext=u:r:dnsmasq:s0 tcontext=u:r:netd:s0 tclass=unix_stream_socket
 avc:  denied  { read write } for  pid=9523 comm="dnsmasq" path="socket:[7860]" dev="sockfs" ino=7860 scontext=u:r:dnsmasq:s0 tcontext=u:r:netd:s0 tclass=netlink_kobject_uevent_socket
 avc:  denied  { read write } for  pid=9523 comm="dnsmasq" path="socket:[7862]" dev="sockfs" ino=7862 scontext=u:r:dnsmasq:s0 tcontext=u:r:netd:s0 tclass=netlink_route_socket
 avc:  denied  { net_raw } for  pid=9607 comm="dnsmasq" capability=13  scontext=u:r:dnsmasq:s0 tcontext=u:r:dnsmasq:s0 tclass=capability
 avc:  denied  { net_admin } for  pid=9607 comm="dnsmasq" capability=12  scontext=u:r:dnsmasq:s0 tcontext=u:r:dnsmasq:s0 tclass=capability

Change-Id: I2bd1eaf22879f09df76a073028cc282362eebeee
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
1 file changed
tree: 32a8229973562470634a02962f935076c9ca63bb
  1. tools/
  2. access_vectors
  3. adbd.te
  4. Android.mk
  5. app.te
  6. attributes
  7. binderservicedomain.te
  8. bluetooth.te
  9. bootanim.te
  10. clatd.te
  11. debuggerd.te
  12. device.te
  13. dhcp.te
  14. dnsmasq.te
  15. domain.te
  16. drmserver.te
  17. dumpstate.te
  18. file.te
  19. file_contexts
  20. fs_use
  21. genfs_contexts
  22. global_macros
  23. gpsd.te
  24. hci_attach.te
  25. healthd.te
  26. hostapd.te
  27. init.te
  28. init_shell.te
  29. initial_sid_contexts
  30. initial_sids
  31. inputflinger.te
  32. installd.te
  33. isolated_app.te
  34. kernel.te
  35. keys.conf
  36. keystore.te
  37. lmkd.te
  38. logd.te
  39. mac_permissions.xml
  40. mdnsd.te
  41. media_app.te
  42. mediaserver.te
  43. mls
  44. mls_macros
  45. mtp.te
  46. net.te
  47. netd.te
  48. nfc.te
  49. NOTICE
  50. platform_app.te
  51. policy_capabilities
  52. port_contexts
  53. ppp.te
  54. property.te
  55. property_contexts
  56. racoon.te
  57. radio.te
  58. README
  59. recovery.te
  60. release_app.te
  61. rild.te
  62. roles
  63. runas.te
  64. sdcardd.te
  65. seapp_contexts
  66. security_classes
  67. selinux-network.sh
  68. servicemanager.te
  69. shared_app.te
  70. shell.te
  71. shelldomain.te
  72. su.te
  73. surfaceflinger.te
  74. system_app.te
  75. system_server.te
  76. te_macros
  77. tee.te
  78. ueventd.te
  79. unconfined.te
  80. uncrypt.te
  81. untrusted_app.te
  82. users
  83. vold.te
  84. watchdogd.te
  85. wpa_supplicant.te
  86. zygote.te