From e4016afa725773d6cf25890e1d1ab85090e00875 Mon Sep 17 00:00:00 2001 From: Ricardo Cerqueira Date: Wed, 26 Nov 2014 10:33:02 -0800 Subject: [PATCH] Allow SystemServer to set service.adb.tcp.* properties Required for network adb enable/disable to function Change-Id: I3e2aacb6b8e9b107dcd229187a5dd76128e20001 --- sepolicy/property.te | 1 + sepolicy/property_contexts | 1 + sepolicy/sepolicy.mk | 3 +++ sepolicy/shell.te | 1 + sepolicy/system.te | 3 +++ 5 files changed, 9 insertions(+) create mode 100644 sepolicy/property.te create mode 100644 sepolicy/property_contexts create mode 100644 sepolicy/shell.te diff --git a/sepolicy/property.te b/sepolicy/property.te new file mode 100644 index 00000000..68920104 --- /dev/null +++ b/sepolicy/property.te @@ -0,0 +1 @@ +type adbtcp_prop, property_type; diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts new file mode 100644 index 00000000..dc77194d --- /dev/null +++ b/sepolicy/property_contexts @@ -0,0 +1 @@ +service.adb.tcp. u:object_r:adbtcp_prop:s0 diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk index ee217ffb..04fcac71 100644 --- a/sepolicy/sepolicy.mk +++ b/sepolicy/sepolicy.mk @@ -10,13 +10,16 @@ BOARD_SEPOLICY_UNION += \ file.te \ file_contexts \ genfs_contexts \ + property_contexts \ seapp_contexts \ service_contexts \ auditd.te \ healthd.te \ installd.te \ netd.te \ + property.te \ recovery.te \ + shell.te \ su.te \ sysinit.te \ system.te \ diff --git a/sepolicy/shell.te b/sepolicy/shell.te new file mode 100644 index 00000000..48b4777f --- /dev/null +++ b/sepolicy/shell.te @@ -0,0 +1 @@ +allow shell adbtcp_prop:property_service set; diff --git a/sepolicy/system.te b/sepolicy/system.te index 01972d48..02d9e095 100644 --- a/sepolicy/system.te +++ b/sepolicy/system.te @@ -1,2 +1,5 @@ allow system_server wallpaper_file:file relabelto; allow system_server dalvikcache_data_file:file write; + +# allow adb related properties to be set +allow system_server adbtcp_prop:property_service set;