From f9d40ae77aa5884cb14bec350b8c44d35fe75fda Mon Sep 17 00:00:00 2001
From: Hungming Chen
Date: Fri, 14 Jan 2022 17:42:43 +0800
Subject: [PATCH] Set the permission to file clatd and directory for-system

Set clatd privs to clat:clat:-r-sr-sr-x and set its parent directory privs to root:system:dr-xr-x---. Makes sure that only root and system group members can execute the binary.
Test: flash and check the file permission
$ adb shell ls -lZ /apex/com.android.tethering/bin
dr-xr-x--- 2 root system u:object_r:system_file:s0 4096 1970-01-01 08:00 for-system
$ adb shell ls -lZ /apex/com.android.tethering/bin/for-system
-r-sr-sr-x 1 clat clat u:object_r:clatd_exec:s0 24352 1970-01-01 08:00 clatd
Bug: 212345928
Test: test clat
1. Connect to ipv6-only wifi.
2. Make IPv4 traffic.
$ ping 8.8.8.8
Change-Id: I9537d47b135e6e0324fb40ece2b9f7befb159244
---
 Tethering/apex/Android.bp | 1 +
 Tethering/apex/canned_fs_config | 2 ++
 2 files changed, 3 insertions(+)
 create mode 100644 Tethering/apex/canned_fs_config
diff --git a/Tethering/apex/Android.bp b/Tethering/apex/Android.bp
index 4703f1d1e1..9f67b39f33 100644
--- a/Tethering/apex/Android.bp
+++ b/Tethering/apex/Android.bp
@@ -61,6 +61,7 @@ apex {
 binaries: [
 "clatd",
 ],
+ canned_fs_config: "canned_fs_config",
 bpfs: [
 "offload.o",
 "test.o",
diff --git a/Tethering/apex/canned_fs_config b/Tethering/apex/canned_fs_config
new file mode 100644
index 0000000000..44c57ab17d
--- /dev/null
+++ b/Tethering/apex/canned_fs_config
@@ -0,0 +1,2 @@
+/bin/for-system 0 1000 0550
+/bin/for-system/clatd 1029 1029 06555
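Review bot: The added `canned_fs_config: "canned_fs_config",` line in the `apex` module has no comment, although it is the one property that makes `clatd` setuid/setgid and closes its parent directory to callers outside root and the system group. A line above it such as `// Sets /bin/for-system to root:system 0550 and clatd to clat:clat 06555; removing this re-opens a setuid binary.` would tell the next editor that dropping or renaming the property changes who can run a privileged binary. The `apex` block starts and ends outside the hunk, so any existing comment elsewhere in the module is not visible here.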
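Review bot: `/bin/for-system/clatd` keeps the other-execute bit (`06555`), so the only ownership/mode barrier in front of the setuid/setgid binary is the `0550` root:system entry for `/bin/for-system`. If that directory entry is later dropped, or the path is renamed without updating this file, the binary would presumably fall back to being executable as clat by any caller that other policy layers do not stop. The commit verifies the result only by hand with `adb shell ls -lZ`; an automated check of owner, group and mode for both paths in the built APEX would catch such a regression before it ships. The numeric ids 0, 1000 and 1029 match root, system and clat only by way of the commit message, so that mapping is worth recording wherever this file is referenced.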