utils: eth_mac_addr: Fix the GSI/Treble compatibility
This patch fixes this script, which updates the Ethernet MAC
address on DB845c and RB5, to work with Android GSI images.
So we no longer copy the scripts to system.img and we switch
from using "/system/bin/ip" to "/vendor/bin/ifconfig"
because "/vendor/bin/ip" doesn't exist and selinux denials
for using "/system/bin/ip" from vendor domain are just too
complex to handle for me.
Change-Id: Icf71c349c74a87f784b2cf1ff7b8604b1c43b03f
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
diff --git a/sepolicy/set_ethaddr.te b/sepolicy/set_ethaddr.te
index 4b62d7f..86f9ea8 100644
--- a/sepolicy/set_ethaddr.te
+++ b/sepolicy/set_ethaddr.te
@@ -1,13 +1,12 @@
-type set_ethaddr, domain, coredomain;
-type set_ethaddr_exec, exec_type, system_file_type, file_type;
+type set_ethaddr, domain;
+type set_ethaddr_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(set_ethaddr);
allow set_ethaddr proc_cmdline:file { open read };
allow set_ethaddr proc_bootconfig:file { open read };
allow set_ethaddr rootfs:dir { open read };
allow set_ethaddr self:capability net_admin;
-allow set_ethaddr self:netlink_route_socket { bind create getattr nlmsg_read nlmsg_readpriv nlmsg_write read setopt write };
-allow set_ethaddr self:udp_socket { create ioctl };
-allow set_ethaddr shell_exec:file { execute getattr map read };
-allow set_ethaddr system_file:file execute_no_trans;
-allow set_ethaddr toolbox_exec:file { execute execute_no_trans getattr map open read };
+allow set_ethaddr self:udp_socket create_socket_perms;
+allow set_ethaddr vendor_file:file execute_no_trans;
+allow set_ethaddr vendor_toolbox_exec:file execute_no_trans;
+allowxperm set_ethaddr self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR };
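Review bot: `allow set_ethaddr self:udp_socket create_socket_perms;` grants the full read/write/bind/connect set on UDP sockets, where the removed rule granted only `{ create ioctl }`. Since the `allowxperm` line already narrows ioctl to SIOCSIFFLAGS and SIOCSIFHWADDR, `allow set_ethaddr self:udp_socket { create ioctl };` would be the tighter fit for a domain that holds net_admin, unless a denial shows more is needed. `allow set_ethaddr vendor_file:file execute_no_trans;` is similarly broad: it lets this domain run any file carrying the generic vendor_file label without a domain transition. If /vendor/bin/ifconfig is labelled vendor_toolbox_exec (the file contexts are not visible here), the rule after it already covers that binary and the vendor_file rule could probably be dropped. A one-line comment above each exec rule naming the binary it exists for would make the policy easier to audit.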