Set the permission to file clatd and directory for-system
Set clatd privs to clat:clat:-r-sr-sr-x and set its parent
directory privs to root:system:dr-xr-x---. Makes sure that
only root and system group members can execute the binary.
Test: flash and check the file permission
$ adb shell ls -lZ /apex/com.android.tethering/bin
dr-xr-x--- 2 root system u:object_r:system_file:s0 4096 1970-01-01 08:00 for-system
$ adb shell ls -lZ /apex/com.android.tethering/bin/for-system
-r-sr-sr-x 1 clat clat u:object_r:clatd_exec:s0 24352 1970-01-01 08:00 clatd
Bug: 212345928
Test: test clat
1. Connect to ipv6-only wifi.
2. Make IPv4 traffic.
$ ping 8.8.8.8
Change-Id: I9537d47b135e6e0324fb40ece2b9f7befb159244
diff --git a/Tethering/apex/Android.bp b/Tethering/apex/Android.bp
index 4703f1d..9f67b39 100644
--- a/Tethering/apex/Android.bp
+++ b/Tethering/apex/Android.bp
@@ -61,6 +61,7 @@
binaries: [
"clatd",
],
+ canned_fs_config: "canned_fs_config",
bpfs: [
"offload.o",
"test.o",
diff --git a/Tethering/apex/canned_fs_config b/Tethering/apex/canned_fs_config
new file mode 100644
index 0000000..44c57ab
--- /dev/null
+++ b/Tethering/apex/canned_fs_config
@@ -0,0 +1,2 @@
+/bin/for-system 0 1000 0550
+/bin/for-system/clatd 1029 1029 06555