sepolicy: add rule for CNE.

add rule for CNE data file for db file

Change-Id: I1dbc81f7be2bb4b4344336546622d351f5fa3e23

3 files changed, 4 insertions, 0 deletions

diff --git a/common/cnd.te b/common/cnd.te
index 1cfc90c9..86ab50a9 100644
--- a/common/cnd.te
+++ b/common/cnd.te
@@ -20,6 +20,7 @@ allow cnd self:netlink_tcpdiag_socket { bind create write read
  nlmsg_read getopt};
 allow cnd self:netlink_route_socket { read bind create write
  nlmsg_read };
+allow cnd self:netlink_socket { create setopt getopt bind getattr write read };
 
 # allow cnd to set system property
 allow cnd system_prop:property_service set;
diff --git a/common/netd.te b/common/netd.te
index cfdc509d..a5e70fa9 100644
--- a/common/netd.te
+++ b/common/netd.te
@@ -6,3 +6,4 @@ dontaudit netd self:capability sys_module;
 
 #needed for ipt_TCPMSS and ip6t_TCPMSS
 allow netd kernel:system module_request;
+unix_socket_connect(netd, cnd, cnd)
diff --git a/common/system_app.te b/common/system_app.te
index 4a7de392..895cec2f 100644
--- a/common/system_app.te
+++ b/common/system_app.te
@@ -18,3 +18,5 @@ allow system_app cne_service:service_manager add;
 userdebug_or_eng(`
   allow system_app debugfs:file r_file_perms;
 ')
+allow system_app cnd_data_file:dir w_dir_perms;
+allow system_app cnd_data_file:file create_file_perms;