From 03f03535feb02ef3b9fc239aeb36d3f2c476e9a2 Mon Sep 17 00:00:00 2001
From: BianYafei
Date: Fri, 30 Dec 2022 14:02:19 +0800
Subject: [PATCH 1/3] =?UTF-8?q?netmanager=5Fbase=E7=B3=BB=E7=BB=9F?=
 =?UTF-8?q?=E5=8F=82=E6=95=B0selinux=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: BianYafei
Change-Id: I35dde0f5027d621dff36b9ff38c784d3f9deea91
---
 sepolicy/base/public/parameter.te | 1 +
 sepolicy/base/public/parameter_contexts | 3 ++-
 sepolicy/ohos_policy/startup/init/system/init.te | 4 ++++
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/sepolicy/base/public/parameter.te b/sepolicy/base/public/parameter.te
index ef8e8041e..dfdcedfc2 100644
--- a/sepolicy/base/public/parameter.te
+++ b/sepolicy/base/public/parameter.te
@@ -60,6 +60,7 @@ type inputmethod_param, parameter_attr;
 type pasteboard_param, parameter_attr;
 type time_param, parameter_attr;
 type accesstoken_perm_param, parameter_attr;
+type netmanager_base_param, parameter_attr;
 
 allow init parameter_attr:file relabelto;
 allow parameter_attr tmpfs:filesystem associate;
diff --git a/sepolicy/base/public/parameter_contexts b/sepolicy/base/public/parameter_contexts
index ae2a0ee2a..7c377e5bb 100644
--- a/sepolicy/base/public/parameter_contexts
+++ b/sepolicy/base/public/parameter_contexts
@@ -57,4 +57,5 @@ persist.ace. u:object_r:arkui_param:s0
 persist.sys.default_ime u:object_r:inputmethod_param:s0
 persist.pasteboard. u:object_r:pasteboard_param:s0
 persist.time. u:object_r:time_param:s0
-accesstoken.permission. u:object_r:accesstoken_perm_param:s0
+persist.netmanager_base. u:object_r:netmanager_base_param:s0
+accesstoken.permission. u:object_r:accesstoken_perm_param:s0
diff --git a/sepolicy/ohos_policy/startup/init/system/init.te b/sepolicy/ohos_policy/startup/init/system/init.te
index 2ed37b0e3..c831dd66d 100644
--- a/sepolicy/ohos_policy/startup/init/system/init.te
+++ b/sepolicy/ohos_policy/startup/init/system/init.te
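Review bot: In the parameter_contexts hunk the `accesstoken.permission.` line is removed and re-added byte-identical, which usually means the file previously lacked a trailing newline (or carried different whitespace) rather than a content change; confirm the new file ends with a newline so the next entry appended here does not churn that line again. The contexts file matches keys by prefix, so the exact spelling `persist.netmanager_base.` must match the keys netmanager actually writes; the second patch in this series additionally grants `persist_param:parameter_service set`, which suggests at least one key may fall outside this prefix and would then not receive the dedicated `netmanager_base_param` label. A short comment above the new entry naming the owning component, `# netmanager_base: persist.netmanager_base.* set by init/netmanager`, would help the next reader place it.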
@@ -43,6 +43,7 @@ allow devinfo_private_param tmpfs:filesystem associate;
 allow devinfo_public_param tmpfs:filesystem associate;
 allow telephony_param tmpfs:filesystem associate;
 allow useriam_fwkready_param tmpfs:filesystem associate;
+allow netmanager_base_param tmpfs:filesystem associate;
 
 allow init servicectrl_param:file { map open read relabelto relabelfrom };
 allow init servicectrl_reboot_param:file { map open read relabelto relabelfrom };
@@ -53,6 +54,7 @@ allow init devinfo_private_param:file { map open read relabelto relabelfrom };
 allow init devinfo_public_param:file { map open read relabelto relabelfrom };
 allow init telephony_param:file { map open read relabelto relabelfrom };
 allow init useriam_fwkready_param:file { map open read relabelto relabelfrom };
+allow init netmanager_base_param:file { map open read relabelto relabelfrom };
 
 #for set
 allow { init samgr hdf_devmgr } servicectrl_param:parameter_service { set };
@@ -65,6 +67,7 @@ allow init devinfo_public_param:parameter_service { set };
 allow { sadomain hdfdomain nativedomain } bootevent_param:parameter_service { set };
 allow { init telephony_sa riladapter_host } telephony_param:parameter_service { set };
 allow { useriam } useriam_fwkready_param:parameter_service { set };
+allow { init netmanager } netmanager_base_param:parameter_service { set };
 
 #for read
 allow { domain -limit_domain } servicectrl_param:file { map open read };
@@ -75,6 +78,7 @@ allow { domain -limit_domain } startup_uevent_param:file { map open read };
 allow { domain -limit_domain } devinfo_public_param:file { map open read };
 allow { domain -limit_domain } telephony_param:file { map open read };
 allow { domain -limit_domain } useriam_fwkready_param:file { map open read };
+allow { domain -limit_domain } netmanager_base_param:file { map open read };
 
 #for udid
 allow { init deviceinfoservice sh samgr hdf_devmgr softbus_server } devinfo_private_param:file { map open read };
-- 
Gitee
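Review bot: The fourth hunk, `allow { domain -limit_domain } netmanager_base_param:file { map open read };`, makes every value under `persist.netmanager_base.` readable by essentially every process on the device; that mirrors the neighbouring parameters, but it should be confirmed that nothing stored under this prefix (network configuration state, for example) needs a narrower reader set, and a comment recording that decision, `# readable by all domains: prefix holds no sensitive network state`, would keep the choice from being silent. The set grant in the third hunk, `allow { init netmanager } netmanager_base_param:parameter_service { set };`, is the purpose-specific one; with it in place, the broader `persist_param` set that the second patch of this series adds in netmanager.te looks redundant and should be justified or dropped. The `#for set` and `#for read` sections these hunks extend start and end outside the hunks shown.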
From fbf591892be4c8272e3ef501658e875a814de693 Mon Sep 17 00:00:00 2001
From: BianYafei
Date: Sat, 31 Dec 2022 14:22:31 +0800
Subject: [PATCH 2/3] paramservice_socket write permission

Signed-off-by: BianYafei
Change-Id: I1bac7574eca22e855fdde1efb3b3f11cba1c1ee8
---
 .../ohos_policy/communication/netmanager/system/netmanager.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sepolicy/ohos_policy/communication/netmanager/system/netmanager.te b/sepolicy/ohos_policy/communication/netmanager/system/netmanager.te
index e806a1d39..a72dcc34d 100644
--- a/sepolicy/ohos_policy/communication/netmanager/system/netmanager.te
+++ b/sepolicy/ohos_policy/communication/netmanager/system/netmanager.te
@@ -36,6 +36,8 @@ allow netmanager netmanager:udp_socket { bind connect create getattr ioctl read
 allow netmanager netmanager:unix_dgram_socket { ioctl };
 allow netmanager netsysnative:binder { call };
 allow netmanager node:udp_socket { node_bind };
+allow netmanager paramservice_socket:sock_file write;
+allow netmanager persist_param:parameter_service set;
 allow netmanager port:tcp_socket { name_connect };
 allow netmanager port:udp_socket { name_bind };
 allow netmanager sh:binder { call };
-- 
Gitee

From 9c6a3ff751de78a1ae72581b6f7e74960fae1380 Mon Sep 17 00:00:00 2001
From: BianYafei
Date: Sat, 31 Dec 2022 17:38:07 +0800
Subject: [PATCH 3/3] connectto dined fix

Signed-off-by: BianYafei
Change-Id: Ia383903e9bead8f50a86ac31257266088f9daf72
---
 .../ohos_policy/communication/netmanager/system/netmanager.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sepolicy/ohos_policy/communication/netmanager/system/netmanager.te b/sepolicy/ohos_policy/communication/netmanager/system/netmanager.te
index a72dcc34d..5cd4ff274 100644
--- a/sepolicy/ohos_policy/communication/netmanager/system/netmanager.te
+++ b/sepolicy/ohos_policy/communication/netmanager/system/netmanager.te
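Review bot: `allow netmanager persist_param:parameter_service set;` grants netmanager the right to set every parameter labelled `persist_param`; if that is the fallback type for `persist.*` keys without a more specific context entry (not visible in this hunk), it is far broader than the dedicated `netmanager_base_param` type the first patch of this series introduces, whose `set` permission netmanager already receives in init.te. If the only keys netmanager writes live under `persist.netmanager_base.`, this line should be dropped; if some key does not, give that key its own contexts entry and allow `set` on its specific type instead, so the grant stays least-privilege. The `paramservice_socket:sock_file write` line is the expected companion of a parameter set and is fine on its own. For consistency with the surrounding rules, which wrap permission sets in braces, write these as `allow netmanager paramservice_socket:sock_file { write };` and `allow netmanager netmanager_base_param:parameter_service { set };` (or whatever specific type is chosen).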
@@ -27,6 +27,7 @@ allow netmanager data_system:file { ioctl };
 allow netmanager dev_unix_socket:dir { search };
 allow netmanager download_server:binder { call };
 allow netmanager foundation:binder { call transfer };
+allow netmanager kernel:unix_stream_socket { connectto };
 allow netmanager netmanager:capability { net_admin };
 allow netmanager netmanager:capability { net_raw };
 allow netmanager netmanager:netlink_route_socket { create nlmsg_read read write };
-- 
Gitee
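Review bot: `allow netmanager kernel:unix_stream_socket { connectto };` lets netmanager connect to any unix stream socket held by a process still running in the `kernel` domain, which is a broad target for what the subject describes as a single denial fix. A denial against `kernel` suggests the listener on the far end of the socket (presumably the parameter service, given the preceding patch's `paramservice_socket` write grant) has not been transitioned into a domain of its own; the narrower fix is to confirm the peer's actual type from the audit record and allow `connectto` on that specific type, or to give that peer a domain, rather than widening access to the kernel domain as a whole. If targeting `kernel` is deliberate for now, a comment recording why, `# connectto: param service listener still runs in the kernel domain (no transition yet)`, would keep the line from being copied as a template into other policies. The subject line's "dined" reads as a typo for "denied".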