Android9.0  platform app读出以太网MAC地址 sepolicy 设置

应用层通过读取 /sys/class/net/eth0/adress 文件节点获取以太网的mac地址权限修改
diff --git a/device/mediatek/sepolicy/basic/non_plat/platform_app.te b/device/mediatek/sepolicy/basic/non_plat/platform_app.te
index 95a403ae28fe8ba29115e06e7e712469891dd508..88b413a6acf5e9c4c022b6052e2673696d054dd8 100644
--- a/device/mediatek/sepolicy/basic/non_plat/platform_app.te
+++ b/device/mediatek/sepolicy/basic/non_plat/platform_app.te
@@ -112,5 +112,7 @@ get_prop(platform_app, vendor_connsysfw_prop)
 # Data: 2020/11/20
 allow platform_app ttyACM_device:chr_file { read write ioctl open };
+allow platform_app sysfs_net:dir { search read open };
+allow platform_app sysfs:file { open read getattr};
 allow platform_app selinuxfs:file { read open };
diff --git a/device/mediatek/sepolicy/basic/plat_private/file.te b/device/mediatek/sepolicy/basic/plat_private/file.te
index a548ca011cdc5cb42b004e372f2402e172f73471..f040a1a10764bfcac7cb575d41ad65e7fda42011 100755
--- a/device/mediatek/sepolicy/basic/plat_private/file.te
+++ b/device/mediatek/sepolicy/basic/plat_private/file.te
@@ -9,3 +9,4 @@ type access_sys_file, fs_type, sysfs_type;
 type sys_usbhost_device_file, fs_type, sysfs_type;
 type sys_netpower_device_file, fs_type, sysfs_type;
+type sys_eth0_device_file, fs_type, sysfs_type;
diff --git a/device/mediatek/sepolicy/basic/plat_private/file_contexts b/device/mediatek/sepolicy/basic/plat_private/file_contexts
index 4dbb47354b37cb1168febf0ab105d547a65eadd4..7367f62d7ff6e7f953ab15852260fc640c8b1b4c 100644
--- a/device/mediatek/sepolicy/basic/plat_private/file_contexts
+++ b/device/mediatek/sepolicy/basic/plat_private/file_contexts
@@ -49,3 +49,4 @@
 /sys/devices/virtual/mt8788_gpio_ctrl_node/gpio_ctrl_dev/otg_ctrl u:object_r:sys_usbhost_device_file:s0
 /sys/devices/virtual/mt8788_gpio_ctrl_node/gpio_ctrl_dev/net_pwr u:object_r:sys_netpower_device_file:s0
+/sys/class/net/eth0/address u:object_r:sys_eth0_device_file:s0
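Review bot: In non_plat/platform_app.te the added `allow platform_app sysfs:file { open read getattr};` lets every platform-signed app read any file that still carries the generic `sysfs` label, not only the MAC address node. The same patch introduces `sys_eth0_device_file` for that node and leaves the equivalent generic rule commented out in plat_private/platform_app.te, so this line looks like a debugging leftover. I would delete it and keep only a typed rule such as `allow platform_app sys_eth0_device_file:file { open read getattr };`. Without the generic grant, the `-platform_app` exemption added to the two domain.te files later in this patch should no longer be needed.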
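Review bot: The new file_contexts entry labels `/sys/class/net/eth0/address`, but entries under /sys/class/net are normally symlinks into /sys/devices, and the two neighbouring entries in this hunk use the real /sys/devices/... path. If the label never reaches the real node, the file keeps the generic `sysfs` type and the `sys_eth0_device_file` rule never matches, which may be why a broad `sysfs:file` grant was added alongside it. Please check with `ls -Z` on the device which label the node actually gets. If it is still `sysfs`, label the resolved device path instead, for example with `genfscon sysfs <resolved device path> u:object_r:sys_eth0_device_file:s0`.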
diff --git a/device/mediatek/sepolicy/basic/plat_private/platform_app.te b/device/mediatek/sepolicy/basic/plat_private/platform_app.te
index b7434ced02aa9e5e2a4078cf57df272a43094160..ded31f4b799bd66d88f6cb73949208a7471b572a 100644
--- a/device/mediatek/sepolicy/basic/plat_private/platform_app.te
+++ b/device/mediatek/sepolicy/basic/plat_private/platform_app.te
@@ -21,3 +21,6 @@ allow platform_app proc_tty_drivers:file { open read };
 allow platform_app config_gz:file { read open };
 allow platform_app selinuxfs:file { read open };
+allow platform_app sys_eth0_device_file:file { read open };
+allow platform_app sysfs_net:dir { search read open };
+#allow platform_app sysfs:file { open read };
规则排除,如果所在的权限组无相关的访问权限,需要进行排除,在domain里面
diff --git a/system/sepolicy/prebuilts/api/28.0/private/domain.te b/system/sepolicy/prebuilts/api/28.0/private/domain.te
index 8200c40ba107e9720fed612442e89d92af465534..24bc46fda439c53c8e4cbf56d538a3ec63cf092d 100644
--- a/system/sepolicy/prebuilts/api/28.0/private/domain.te
+++ b/system/sepolicy/prebuilts/api/28.0/private/domain.te
@@ -42,6 +42,7 @@ full_treble_only(`
 -ueventd
 -vold
 -priv_app
+ -platform_app //排除platform_app 适应规则
 } sysfs:file no_rw_file_perms;
 # /dev
diff --git a/system/sepolicy/private/domain.te b/system/sepolicy/private/domain.te
index 8200c40ba107e9720fed612442e89d92af465534..24bc46fda439c53c8e4cbf56d538a3ec63cf092d 100644
--- a/system/sepolicy/private/domain.te
+++ b/system/sepolicy/private/domain.te
@@ -42,6 +42,7 @@ full_treble_only(`
 -ueventd
 -vold
 -priv_app
+ -platform_app
 } sysfs:file no_rw_file_perms;
 # /dev
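Review bot: The three rules added to plat_private/platform_app.te have no comment explaining why a platform app needs them, and a disabled rule is left in the policy. I would put a header such as `# Purpose: allow platform_app to read the Ethernet MAC from /sys/class/net/eth0/address` above them and delete the `#allow platform_app sysfs:file { open read };` line rather than keep it commented out. The MAC address is a persistent hardware identifier and the grant covers the whole `platform_app` domain, so the comment should also name the app that needs it. `sysfs_net:dir { search read open }` is already granted in non_plat/platform_app.te by this patch; one copy is enough.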
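Review bot: Adding `-platform_app` to this exemption list relaxes what appears to be the `neverallow ... sysfs:file no_rw_file_perms` rule for every platform-signed app, and it is only needed because of the generic `sysfs:file` grant. A rule on the dedicated `sys_eth0_device_file` type does not touch this restriction. I would drop the exemption here and in the identical hunk for system/sepolicy/private/domain.te, which also leaves the prebuilts/api/28.0 snapshot unmodified and is less likely to trip compatibility tests that check the AOSP neverallow set. If the line is kept, `//排除platform_app 适应规则` is not comment syntax in policy source and should read `-platform_app # 排除platform_app 适应规则`. The block begins above the hunk, so the full list of source domains is not visible here.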
