Gitiles
Code Review Sign In
review.blissroms.org / platform_device_qcom_sepolicy-legacy-um / 4828dd071564322dbc392cdda24dd53ba071842a
commit4828dd071564322dbc392cdda24dd53ba071842a[log] [tgz]
authorSubash Abhinov Kasiviswanathan <subashab@codeaurora.org>Tue Aug 08 14:22:19 2017 -0600
committerSubash Abhinov Kasiviswanathan <subashab@codeaurora.org>Tue Aug 08 15:21:19 2017 -0600
tree6edc7b15c04b383b505bf84650fbafa508824831
parent888d40e92e078be145186fa441cf34441f3c1b98 [diff]
NETMGR: Use HIDL to talk to netd

Latest versions now will have access to netd pid file restricted to
vendor components. Due to this, netmgrd will no longer be able to
detect netd restart and could hence go out of sync leading to
incorrect installation and flushing of rules and routes.

By introducing a netd HAL, netmgrd is able to talk to netd via a
HIDL. The 1.0 version of the HAL only publishes a service for this
particular usecase. Going forward this could be used to add support
for executing ndc commands, iptables and other system calls.

Fixes these denials -

audit(1502214635.963:60): avc: denied { call } for pid=1467
comm="netmgrd" scontext=u:r:netmgrd:s0 tcontext=u:r:netd:s0
tclass=binder permissive=1
E SELinux : avc:  denied  { find } for
interface=android.system.net.netd::INetd pid=1480
scontext=u:r:netmgrd:s0
tcontext=u:object_r:system_net_netd_hwservice:s0
tclass=hwservice_manager permissive=0

CRs-Fixed: 2066870
Change-Id: Iedc97746964381b9673dc3b7c09e1d80d6efa551
1 file changed
tree: 6edc7b15c04b383b505bf84650fbafa508824831
  1. apq8084/
  2. apq8098_latv/
  3. common/
  4. msm8226/
  5. msm8909/
  6. msm8916/
  7. msm8937/
  8. msm8952/
  9. msm8953/
  10. msm8960/
  11. msm8974/
  12. msm8976/
  13. msm8992/
  14. msm8994/
  15. msm8996/
  16. msm8998/
  17. msmpeafowl/
  18. msmskunk/
  19. private/
  20. public/
  21. sdm660/
  22. sdm845/
  23. ssg/
  24. test/
  25. Android.mk