Shell indeed is calling 'setprop' command from toolbox but I just looked into setprop.c and it is calling the cutil implementation of property_set, instead of init's implementation. Cutil's implementation of property_set is to connect to the property socket and send command to init through that socket. How come it doesn't need a connectto permission?

From: owner-seandroid-l...@tycho.nsa.gov [mailto:owner-seandroid-l...@tycho.nsa.gov] On Behalf Of Robert Craig
Sent: Monday, November 26, 2012 6:55 PM
To: William Roberts
Cc: seandroid-list@tycho.nsa.gov
Subject: Re: property service set

I believe the shell instead uses the 'setprop' command from toolbox which sets the property key (with property_set). Whereas vold directly uses the property_set command.

On Mon, Nov 26, 2012 at 9:16 PM, William Roberts <bill.c.robe...@gmail.com> wrote:

On Mon, Nov 26, 2012 at 6:12 PM, William Roberts <bill.c.robe...@gmail.com> wrote:
> I was asked this question and could not come up with a convincing answer.
>
> shell.te defines the following:
> allow shell property_socket:sock_file write;
> allow shell shell_prop:property_service set;
>
> whereas vold:
> unix_socket_connect(vold, property, init)
> allow vold vold_prop:property_service set;
>
>
> They both allow them to set the respective properties and also to
> write the property_socket. However, vold has the additional allow vold
> init:unix_stream_socket connectto;
>
> How come vold requires this and shell does not? Is the connection inherited or something?
>
> --
> Respectfully,
>
> William C Roberts

--
Respectfully,

William C Roberts
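
The comparison asked about in this thread, as an added example that is not part of the original messages: it expands `unix_socket_connect` and reports which of the three permissions on the libcutils `property_set` path each domain gets from the quoted rules alone. The macro expansion is an assumption taken from the `connectto` rule cited in the thread and the AOSP `te_macros` definition; rules granted elsewhere in the policy (attributes, other macros) are not considered.

```python
import re

# Rules quoted in the thread (shell.te and vold.te excerpts).
POLICY = """
allow shell property_socket:sock_file write;
allow shell shell_prop:property_service set;
unix_socket_connect(vold, property, init)
allow vold vold_prop:property_service set;
"""

MACRO = re.compile(r"unix_socket_connect\(\s*(\w+)\s*,\s*(\w+)\s*,\s*(\w+)\s*\)")
ALLOW = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(\w+|\{[^}]*\})\s*;")

def expand(policy):
    """Expand unix_socket_connect(client, sock, server) into its two allow rules
    (expansion assumed from AOSP te_macros)."""
    def repl(m):
        client, sock, server = m.groups()
        return (f"allow {client} {sock}_socket:sock_file write;\n"
                f"allow {client} {server}:unix_stream_socket connectto;")
    return MACRO.sub(repl, policy)

def grants(policy):
    """Return {domain: {(target, class, perm), ...}} for every allow rule."""
    out = {}
    for src, tgt, cls, perms in ALLOW.findall(expand(policy)):
        for perm in perms.strip("{} ").split():
            out.setdefault(src, set()).add((tgt, cls, perm))
    return out

def audit(policy):
    """For each domain, check the three permissions used when a client sets a
    property through the property socket."""
    report = {}
    for dom, rules in grants(policy).items():
        report[dom] = {
            "sock_file write": ("property_socket", "sock_file", "write") in rules,
            "connectto init": ("init", "unix_stream_socket", "connectto") in rules,
            "property_service set": any(
                cls == "property_service" and perm == "set" for _, cls, perm in rules),
        }
    return report

if __name__ == "__main__":
    for dom, checks in audit(POLICY).items():
        missing = [name for name, ok in checks.items() if not ok]
        print(dom, "missing:", missing or "none")
```

On a built policy, the same question is answered against the compiled rules rather than a single `.te` file, since the `connectto` grant may come from another file or an attribute.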