diff options
| author | Jeff Sharkey <jsharkey@android.com> | 2014-12-16 13:08:16 -0800 |
|---|---|---|
| committer | Jeff Sharkey <jsharkey@android.com> | 2015-01-15 15:59:39 -0800 |
| commit | 33bf053826e38b4ea666a41d9f89512f7e950451 (patch) | |
| tree | 81f2117dca8000c3810bb18d8bbcf1a5a54ce69f /netd.te | |
| parent | 0d16b5ac49135e1bd40119ce17f23e6451ae4f48 (diff) | |
| download | android_external_sepolicy-33bf053826e38b4ea666a41d9f89512f7e950451.tar.gz android_external_sepolicy-33bf053826e38b4ea666a41d9f89512f7e950451.tar.bz2 android_external_sepolicy-33bf053826e38b4ea666a41d9f89512f7e950451.zip | |
Rules to let netd read packets from NFLOG target.
avc: denied { create } for scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=netlink_socket permissive=1
avc: denied { setopt } for scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=netlink_socket permissive=1
avc: denied { bind } for scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=netlink_socket permissive=1
avc: denied { getopt } for scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=netlink_socket permissive=1
avc: denied { write } for scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=netlink_socket permissive=1
avc: denied { read } for scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=netlink_socket permissive=1
Bug: 18335678
Change-Id: I7c03d55b4719d0fd8057507bf8ac1cf573e4744a
Diffstat (limited to 'netd.te')
| -rw-r--r-- | netd.te | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -18,6 +18,7 @@ allow netd self:capability { net_admin net_raw kill }; allow netd self:netlink_kobject_uevent_socket create_socket_perms; allow netd self:netlink_route_socket nlmsg_write; allow netd self:netlink_nflog_socket create_socket_perms; +allow netd self:netlink_socket create_socket_perms; allow netd shell_exec:file rx_file_perms; allow netd system_file:file x_file_perms; allow netd devpts:chr_file rw_file_perms; |