Merge "Sepolicy: allow ipacm to create netfilter socket"

author: Linux Build Service Account <lnxbuild@localhost> 2016-09-12 20:43:36 -0700
committer: Gerrit - the friendly Code Review server <code-review@localhost> 2016-09-12 20:43:36 -0700
commit: fec07fe5ce6c0268cf7a495fa377626bd481ae88 (patch)
tree: fcb6f5954d27f1d6a112f383abfd21d561f6e5b0
parent: a323ca401b5e91d2eec34c6f2999b3116819cd12 (diff)
parent: 77b0084a0409b83ecdf7e0fb80317c8e5e7947e0 (diff)
download: android_device_qcom_sepolicy-fec07fe5ce6c0268cf7a495fa377626bd481ae88.tar.gz
android_device_qcom_sepolicy-fec07fe5ce6c0268cf7a495fa377626bd481ae88.tar.bz2
android_device_qcom_sepolicy-fec07fe5ce6c0268cf7a495fa377626bd481ae88.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/common/ipacm.te b/common/ipacm.te
index 087092f2..17f1fb29 100644
--- a/common/ipacm.te
+++ b/common/ipacm.te
@@ -14,6 +14,9 @@ userdebug_or_eng(`
   unix_socket_send(ipacm, ipacm, ipacm-diag)
 ')
 
+# Allow capabilities to create netfilter_socket
+allow ipacm self:netlink_netfilter_socket create_socket_perms;
+
 # Allow capabilities to perform network operations and interactions with network interfaces
 allow ipacm ipacm:capability net_admin;
author	Linux Build Service Account <lnxbuild@localhost>	2016-09-12 20:43:36 -0700
committer	Gerrit - the friendly Code Review server <code-review@localhost>	2016-09-12 20:43:36 -0700
commit	fec07fe5ce6c0268cf7a495fa377626bd481ae88 (patch)
tree	fcb6f5954d27f1d6a112f383abfd21d561f6e5b0
parent	a323ca401b5e91d2eec34c6f2999b3116819cd12 (diff)
parent	77b0084a0409b83ecdf7e0fb80317c8e5e7947e0 (diff)
download	android_device_qcom_sepolicy-fec07fe5ce6c0268cf7a495fa377626bd481ae88.tar.gz android_device_qcom_sepolicy-fec07fe5ce6c0268cf7a495fa377626bd481ae88.tar.bz2 android_device_qcom_sepolicy-fec07fe5ce6c0268cf7a495fa377626bd481ae88.zip