On 05/09/2013 10:56 AM, Tai Nguyen (tainguye) wrote:
Steve,
Thank for clarification. In that case, can we do something like
service wpa_supplicant /system/bin/logwrapper /system/bin/wpa_supplicant \
# after setting up the capabilities required for WEXT
# user wifi
# group wifi inet keystore
class main
socket wpa_wlan0 dgram 660 wifi wifi context=u:r:wpa:s0
disabled
With my patch, you don't need to specify the socket security context at
all; init will compute it correctly.
Prior to my patch, you could work around it by adding a seclabel entry
for the service, i.e.
service wpa_supplicant /system/bin/logwrapper /system/bin/wpa_supplicant
seclabel u:r:wpa:s0
...
but that would require a policy change to allow entrypoint permission
between wpa and the type on the logwrapper program.
There is no context= option for socket entries at present, and we don't
really need it since we can handle it using either the patch I posted
(now also uploaded to AOSP at [1]) or by using the seclabel approach above.
[1] https://android-review.googlesource.com/#/c/58300/
--
This message was distributed to subscribers of the seandroid-list mailing list.
If you no longer wish to subscribe, send mail to majord...@tycho.nsa.gov with
the words "unsubscribe seandroid-list" without quotes as the message.
