Skip to content

Commit

Permalink
sepolicy change for cnd
Browse files Browse the repository at this point in the history 
Bug ID: 28340421
Change-Id: I1ff73d31070b24eef5867c6d739d2af543bcc6cf
  • Loading branch information
svempati authored and Meng Wang committed Aug 26, 2016
1 parent d4bbb95 commit b467166
Showing 1 changed file with 1 addition and 6 deletions.
7 changes: 1 addition & 6 deletions sepolicy/cnd.te
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,6 @@
type cnd, domain;
type cnd_exec, exec_type, file_type;

# STOPSHIP b/28340421
# Temporarily grant this permission and log its use.
allow cnd self:capability net_raw;
auditallow cnd self:capability net_raw;

# cnd creates /dev/socket/nims
file_type_auto_trans(cnd, socket_device, cnd_socket);
allow cnd socket_device:dir remove_name;
Expand All @@ -15,7 +10,7 @@ net_domain(cnd)
wakelock_use(cnd)

# do not grant net_raw, net_admin, or dac_override
allow cnd self:capability { chown fsetid setgid setuid };
allow cnd self:capability { chown fsetid setgid setuid net_bind_service};

# Grant access to Qualcomm MSM Interface (QMI) radio sockets
qmux_socket(cnd)
Expand Down

0 comments on commit b467166

Please sign in to comment.