diff options
author | Lorenzo Colitti <lorenzo@google.com> | 2015-09-15 02:39:21 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2015-09-15 02:39:21 +0000 |
commit | 48dae29f9a046b328b49abd2073e134d7c29b274 (patch) | |
tree | 6b95d481273a3101c78b96aa6785d14f58386f57 | |
parent | 0b764ae98a7fe452690616b7d722a63bb7cd5fa8 (diff) | |
parent | 16c36f68ae575a87e438329e6d159532d61cf113 (diff) | |
download | android_external_sepolicy-48dae29f9a046b328b49abd2073e134d7c29b274.tar.gz android_external_sepolicy-48dae29f9a046b328b49abd2073e134d7c29b274.tar.bz2 android_external_sepolicy-48dae29f9a046b328b49abd2073e134d7c29b274.zip |
Merge "Allow system_server to bind ping sockets." into mnc-dr-dev
-rw-r--r-- | system_server.te | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/system_server.te b/system_server.te index 0b18eb4..c9d8f3b 100644 --- a/system_server.te +++ b/system_server.te @@ -101,9 +101,13 @@ allow system_server proc_sysrq:file rw_file_perms; # Read /sys/kernel/debug/wakeup_sources. allow system_server debugfs:file r_file_perms; -# WifiWatchdog uses a packet_socket +# The DhcpClient and WifiWatchdog use packet_sockets allow system_server self:packet_socket create_socket_perms; +# NetworkDiagnostics requires explicit bind() calls to ping sockets. These aren't actually the same +# as raw sockets, but the kernel doesn't yet distinguish between the two. +allow system_server node:rawip_socket node_bind; + # 3rd party VPN clients require a tun_socket to be created allow system_server self:tun_socket create_socket_perms; |