From 20f26ea9884917331b4190430f07e0df6ce9f082 Mon Sep 17 00:00:00 2001
From: chenze
Date: Fri, 30 Dec 2022 19:27:38 +0800
Subject: [PATCH 1/6] localsocket selinux
Signed-off-by: chenze
---
 .../netmanager/system/system_basic_hap.te | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 sepolicy/ohos_policy/communication/netmanager/system/system_basic_hap.te
diff --git a/sepolicy/ohos_policy/communication/netmanager/system/system_basic_hap.te b/sepolicy/ohos_policy/communication/netmanager/system/system_basic_hap.te
new file mode 100644
index 000000000..2489b8f58
--- /dev/null
+++ b/sepolicy/ohos_policy/communication/netmanager/system/system_basic_hap.te
@@ -0,0 +1,20 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+allow system_basic_hap arkcompiler_param:file { open read map };
+allow system_basic_hap sa_comm_vpn_manager_service:samgr_class { get };
+allow system_basic_hap data_file:dir { write add_name remove_name };
+allow system_basic_hap data_file:sock_file { create setattr unlink };
+allow system_basic_hap netsysnative:fd { use };
+allow system_basic_hap dev_tun_file:chr_file { read write };
+allow system_basic_hap fwmark_service:sock_file { write };
\ No newline at end of file
--
Gitee
From e050a8f6d3af7a44ddd445751955688c7c05aaac Mon Sep 17 00:00:00 2001
From: chenze
Date: Fri, 30 Dec 2022 20:24:57 +0800
Subject: [PATCH 2/6] update
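Review bot: The two `data_file` rules in this new file grant `write add_name remove_name` on directories and `create setattr unlink` on socket files for what looks, judging by its name, like a generic data-partition type rather than a type reserved for the local-socket path this series is about. If that reading is right, SELinux would let system_basic_hap add and remove entries in every directory carrying that label, leaving only DAC permissions to separate apps. Consider a dedicated type for the socket directory and its sock_file entries, for example `allow system_basic_hap <localsocket_dir_type>:dir { write add_name remove_name };` (the type name is a placeholder). The same pair is widened with `write` in PATCH 3/6 and copied to normal_hap.te and system_core_hap.te in PATCH 6/6, so the concern applies there as well. A one-line comment above each rule naming the feature that needs it would also help later policy audits.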
Signed-off-by: chenze
---
 .../communication/netmanager/system/system_basic_hap.te | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/sepolicy/ohos_policy/communication/netmanager/system/system_basic_hap.te b/sepolicy/ohos_policy/communication/netmanager/system/system_basic_hap.te
index 2489b8f58..b9d036a7a 100644
--- a/sepolicy/ohos_policy/communication/netmanager/system/system_basic_hap.te
+++ b/sepolicy/ohos_policy/communication/netmanager/system/system_basic_hap.te
@@ -12,9 +12,5 @@
 # limitations under the License.
 allow system_basic_hap arkcompiler_param:file { open read map };
-allow system_basic_hap sa_comm_vpn_manager_service:samgr_class { get };
 allow system_basic_hap data_file:dir { write add_name remove_name };
-allow system_basic_hap data_file:sock_file { create setattr unlink };
-allow system_basic_hap netsysnative:fd { use };
-allow system_basic_hap dev_tun_file:chr_file { read write };
-allow system_basic_hap fwmark_service:sock_file { write };
\ No newline at end of file
+allow system_basic_hap data_file:sock_file { create setattr unlink };
\ No newline at end of file
--
Gitee
From 3cabeeb64e4706b3ed3def65a597b46cd95ef6d8 Mon Sep 17 00:00:00 2001
From: chenze
Date: Fri, 30 Dec 2022 21:16:03 +0800
Subject: [PATCH 3/6] u
Signed-off-by: chenze
---
 .../communication/netmanager/system/system_basic_hap.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sepolicy/ohos_policy/communication/netmanager/system/system_basic_hap.te b/sepolicy/ohos_policy/communication/netmanager/system/system_basic_hap.te
index b9d036a7a..eba1c85e4 100644
--- a/sepolicy/ohos_policy/communication/netmanager/system/system_basic_hap.te
+++ b/sepolicy/ohos_policy/communication/netmanager/system/system_basic_hap.te
@@ -13,4 +13,4 @@
 allow system_basic_hap arkcompiler_param:file { open read map };
 allow system_basic_hap data_file:dir { write add_name remove_name };
-allow system_basic_hap data_file:sock_file { create setattr unlink };
\ No newline at end of file
+allow system_basic_hap data_file:sock_file { write create setattr unlink };
\ No newline at end of file
--
Gitee
From 1c755de624f48fa1e6457b8fcfe4e0814442fd4f Mon Sep 17 00:00:00 2001
From: chenze
Date: Tue, 3 Jan 2023 11:29:08 +0800
Subject: [PATCH 4/6] updata
Signed-off-by: chenze
---
 .../communication/netmanager/system/system_basic_hap.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sepolicy/ohos_policy/communication/netmanager/system/system_basic_hap.te b/sepolicy/ohos_policy/communication/netmanager/system/system_basic_hap.te
index eba1c85e4..4898128ea 100644
--- a/sepolicy/ohos_policy/communication/netmanager/system/system_basic_hap.te
+++ b/sepolicy/ohos_policy/communication/netmanager/system/system_basic_hap.te
@@ -13,4 +13,5 @@
 allow system_basic_hap arkcompiler_param:file { open read map };
 allow system_basic_hap data_file:dir { write add_name remove_name };
-allow system_basic_hap data_file:sock_file { write create setattr unlink };
\ No newline at end of file
+allow system_basic_hap data_file:sock_file { write create setattr unlink };
+allow system_basic_hap system_basic_hap:unix_dgram_socket { bind setopt getopt getattr read write };
\ No newline at end of file
--
Gitee
From fa10f45368b06972d6d230751ca36808b33570bb Mon Sep 17 00:00:00 2001
From: chenze
Date: Tue, 3 Jan 2023 13:47:12 +0800
Subject: [PATCH 5/6] update
Signed-off-by: chenze
---
 .../communication/netmanager/system/system_basic_hap.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sepolicy/ohos_policy/communication/netmanager/system/system_basic_hap.te b/sepolicy/ohos_policy/communication/netmanager/system/system_basic_hap.te
index 4898128ea..1473451b4 100644
--- a/sepolicy/ohos_policy/communication/netmanager/system/system_basic_hap.te
+++ b/sepolicy/ohos_policy/communication/netmanager/system/system_basic_hap.te
@@ -14,4 +14,4 @@
 allow system_basic_hap arkcompiler_param:file { open read map };
 allow system_basic_hap data_file:dir { write add_name remove_name };
 allow system_basic_hap data_file:sock_file { write create setattr unlink };
-allow system_basic_hap system_basic_hap:unix_dgram_socket { bind setopt getopt getattr read write };
\ No newline at end of file
+allow system_basic_hap system_basic_hap:unix_dgram_socket { bind setopt getopt getattr read write sendto };
\ No newline at end of file
--
Gitee
From bf07417e980bcab8a7d1d17ca33926323422f58a Mon Sep 17 00:00:00 2001
From: chenze
Date: Thu, 5 Jan 2023 16:23:41 +0800
Subject: [PATCH 6/6] updata
Signed-off-by: chenze
---
 .../ohos_policy/communication/netmanager/system/normal_hap.te | 3 +++
 .../communication/netmanager/system/system_core_hap.te | 4 +++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/sepolicy/ohos_policy/communication/netmanager/system/normal_hap.te b/sepolicy/ohos_policy/communication/netmanager/system/normal_hap.te
index ac3e0f401..4ce108470 100644
--- a/sepolicy/ohos_policy/communication/netmanager/system/normal_hap.te
+++ b/sepolicy/ohos_policy/communication/netmanager/system/normal_hap.te
@@ -12,3 +12,6 @@
 # limitations under the License.
 allow normal_hap normal_hap:udp_socket { getopt };
+allow normal_hap data_file:dir { write add_name remove_name };
+allow normal_hap data_file:sock_file { write create setattr unlink };
+allow normal_hap normal_hap:unix_dgram_socket { bind setopt getopt getattr read write sendto };
\ No newline at end of file
diff --git a/sepolicy/ohos_policy/communication/netmanager/system/system_core_hap.te b/sepolicy/ohos_policy/communication/netmanager/system/system_core_hap.te
index e206b692d..db0de87bd 100644
--- a/sepolicy/ohos_policy/communication/netmanager/system/system_core_hap.te
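Review bot: Adding `sendto` with the domain as its own target permits a datagram to be sent to a unix_dgram socket owned by any process labelled system_basic_hap, not only to sockets of the sending app. Unless some other mechanism separates HAPs that share this type (none is visible on this page), that is app-to-app IPC the policy no longer mediates. If only traffic between an app's own sockets is intended, state that in a comment above the rule, e.g. `# local socket API: datagrams between the app's own unix_dgram sockets`. The rule would also read more clearly with the `self` keyword, `allow system_basic_hap self:unix_dgram_socket { bind setopt getopt getattr read write sendto };`. The identical rule is added for normal_hap and system_core_hap in PATCH 6/6.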
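Review bot: These three rules repeat, with only the domain name changed, what system_basic_hap.te already contains and what the system_core_hap.te section of this patch adds, so the same grant now has to be kept in sync across three files. If the policy defines an attribute covering the HAP domains, a single rule set on that attribute with `self` as the socket target would state the intent once. Otherwise a short comment above each copy naming the local-socket feature would at least tie them together. The new last line also leaves normal_hap.te without a trailing newline, which the old file had according to this hunk.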
+++ b/sepolicy/ohos_policy/communication/netmanager/system/system_core_hap.te
@@ -13,4 +13,6 @@
 allow system_core_hap netmanager:binder { call };
 allow system_core_hap netmanager:binder { transfer };
-
+allow system_core_hap data_file:dir { write add_name remove_name };
+allow system_core_hap data_file:sock_file { write create setattr unlink };
+allow system_core_hap system_core_hap:unix_dgram_socket { bind setopt getopt getattr read write sendto };
--
Gitee