Sepolicy: allow ipacm to create netfilter socket

Allow IPACM to open netlink_netfilter_socket. CRs-Fixed: 1062722 Change-Id: I7ec47c2654b93e5b96ea93e4930cc3b227ca79d0
author: Skylar Chang <chiaweic@codeaurora.org> 2016-09-09 15:40:08 -0700
committer: Skylar Chang <chiaweic@codeaurora.org> 2016-09-12 11:20:29 -0700
commit: 77b0084a0409b83ecdf7e0fb80317c8e5e7947e0 (patch)
tree: e46991a65b449078970fc683a14da2f94c4c97e5
parent: f6882ff286804117b685cab01421f218474d652b (diff)
download: android_device_qcom_sepolicy-77b0084a0409b83ecdf7e0fb80317c8e5e7947e0.tar.gz
android_device_qcom_sepolicy-77b0084a0409b83ecdf7e0fb80317c8e5e7947e0.tar.bz2
android_device_qcom_sepolicy-77b0084a0409b83ecdf7e0fb80317c8e5e7947e0.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/common/ipacm.te b/common/ipacm.te
index 087092f2..17f1fb29 100644
--- a/common/ipacm.te
+++ b/common/ipacm.te
@@ -14,6 +14,9 @@ userdebug_or_eng(`
   unix_socket_send(ipacm, ipacm, ipacm-diag)
 ')
 
+# Allow capabilities to create netfilter_socket
+allow ipacm self:netlink_netfilter_socket create_socket_perms;
+
 # Allow capabilities to perform network operations and interactions with network interfaces
 allow ipacm ipacm:capability net_admin;
author	Skylar Chang <chiaweic@codeaurora.org>	2016-09-09 15:40:08 -0700
committer	Skylar Chang <chiaweic@codeaurora.org>	2016-09-12 11:20:29 -0700
commit	77b0084a0409b83ecdf7e0fb80317c8e5e7947e0 (patch)
tree	e46991a65b449078970fc683a14da2f94c4c97e5
parent	f6882ff286804117b685cab01421f218474d652b (diff)
download	android_device_qcom_sepolicy-77b0084a0409b83ecdf7e0fb80317c8e5e7947e0.tar.gz android_device_qcom_sepolicy-77b0084a0409b83ecdf7e0fb80317c8e5e7947e0.tar.bz2 android_device_qcom_sepolicy-77b0084a0409b83ecdf7e0fb80317c8e5e7947e0.zip