diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2014-03-12 15:12:52 -0400 |
---|---|---|
committer | Stephen Smalley <sds@tycho.nsa.gov> | 2014-03-12 15:12:52 -0400 |
commit | 45815c3e4012639334888b4a380192443f5b711f (patch) | |
tree | 092e6c8592f2ad7ba07ef3bfff7a5231f0515acb /dnsmasq.te | |
parent | cb8c52623b304e78a707ec5bde4329d01e88cda4 (diff) | |
download | android_external_sepolicy-45815c3e4012639334888b4a380192443f5b711f.tar.gz android_external_sepolicy-45815c3e4012639334888b4a380192443f5b711f.tar.bz2 android_external_sepolicy-45815c3e4012639334888b4a380192443f5b711f.zip |
Allow dnsmasq dac_override capability.
dnsmasq presently requires dac_override to create files under
/data/misc/dhcp. Until it can be changed to run with group dhcp,
allow dac_override.
Addresses denials such as:
avc: denied { dac_override } for pid=21166 comm="dnsmasq" capability=1 scontext=u:r:dnsmasq:s0 tcontext=u:r:dnsmasq:s0 tclass=capability
Change-Id: Ic352dc7fc4ab44086c6b06cf727c48f29098f3a1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'dnsmasq.te')
-rw-r--r-- | dnsmasq.te | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -5,6 +5,9 @@ type dnsmasq_exec, exec_type, file_type; net_domain(dnsmasq) +# TODO: Run with dhcp group to avoid need for dac_override. +allow dnsmasq self:capability dac_override; + allow dnsmasq self:capability { net_admin net_raw net_bind_service setgid setuid }; allow dnsmasq dhcp_data_file:dir w_dir_perms; |