diff options
| author | Nick Kralevich <nnk@google.com> | 2013-11-12 20:54:20 -0800 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2013-11-13 06:29:29 -0800 |
| commit | 36a5d109e6953c63d2a865eab4c4d021aa52250b (patch) | |
| tree | 230e29a282bf26936ca99df315d14d1e3604641a /netd.te | |
| parent | 8510d31ed3b5d53c2232b7aac5f65b32d38753d0 (diff) | |
| download | android_external_sepolicy-36a5d109e6953c63d2a865eab4c4d021aa52250b.tar.gz android_external_sepolicy-36a5d109e6953c63d2a865eab4c4d021aa52250b.tar.bz2 android_external_sepolicy-36a5d109e6953c63d2a865eab4c4d021aa52250b.zip | |
netd: allow tcp connections.
DNS can use TCP connections, in addition to UDP connections.
Allow TCP connections.
Addresses the following denial:
[ 1831.586826] type=1400 audit(1384129166.563:173): avc: denied { create } for pid=11406 comm="netd" scontext=u:r:netd:s0 tcontext=u:r:netd:s0 tclass=tcp_socket
Public Bug: https://code.google.com/p/android/issues/detail?id=62196
Change-Id: Ia542a9df3e466a8d409955bab6a23a524ff3d07b
Bug: 11097631
Diffstat (limited to 'netd.te')
| -rw-r--r-- | netd.te | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -8,9 +8,9 @@ allow netd self:netlink_kobject_uevent_socket *; allow netd self:netlink_route_socket *; allow netd self:netlink_nflog_socket *; allow netd self:rawip_socket *; -allow netd self:udp_socket *; -allow netd node:udp_socket node_bind; -allow netd port:udp_socket name_bind; +allow netd self:{ tcp_socket udp_socket } *; +allow netd node:{ tcp_socket udp_socket } node_bind; +allow netd port:{ tcp_socket udp_socket } name_bind; allow netd self:unix_stream_socket *; allow netd shell_exec:file rx_file_perms; allow netd system_file:file x_file_perms; |