Introduce fwmarkd: a service to set the fwmark of sockets.

(cherry picked from commit 7d51096d4106a441a15741592d9ccdd0bfaca907) Change-Id: Ib6198e19dbc306521a26fcecfdf6e8424d163fc9
author: Sreeram Ramachandran <sreeram@google.com> 2014-05-01 11:12:10 -0700
committer: Sreeram Ramachandran <sreeram@google.com> 2014-05-14 11:23:28 -0700
commit: 56ecf4bdf8cb33362143f37cf683efd909415d5b (patch)
tree: 5ca82ed8ed9cb65fc23f2959442ba886486e8ef1 /netd.te
parent: 45206a388c580070bbd021f2b167bd8b3e3376f6 (diff)
download: android_external_sepolicy-56ecf4bdf8cb33362143f37cf683efd909415d5b.tar.gz
android_external_sepolicy-56ecf4bdf8cb33362143f37cf683efd909415d5b.tar.bz2
android_external_sepolicy-56ecf4bdf8cb33362143f37cf683efd909415d5b.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/netd.te b/netd.te
index 46cc436..6fe1ad3 100644
--- a/netd.te
+++ b/netd.te
@@ -58,6 +58,10 @@ allow netd clatd:process signal;
 
 allow netd ctl_mdnsd_prop:property_service set;
 
+# Allow netd to operate on sockets that are passed to it.
+allow netd netdomain:{tcp_socket udp_socket rawip_socket dccp_socket tun_socket} {read write getattr setattr getopt setopt};
+allow netd netdomain:fd use;
+
 ###
 ### Neverallow rules
 ###
author	Sreeram Ramachandran <sreeram@google.com>	2014-05-01 11:12:10 -0700
committer	Sreeram Ramachandran <sreeram@google.com>	2014-05-14 11:23:28 -0700
commit	56ecf4bdf8cb33362143f37cf683efd909415d5b (patch)
tree	5ca82ed8ed9cb65fc23f2959442ba886486e8ef1 /netd.te
parent	45206a388c580070bbd021f2b167bd8b3e3376f6 (diff)
download	android_external_sepolicy-56ecf4bdf8cb33362143f37cf683efd909415d5b.tar.gz android_external_sepolicy-56ecf4bdf8cb33362143f37cf683efd909415d5b.tar.bz2 android_external_sepolicy-56ecf4bdf8cb33362143f37cf683efd909415d5b.zip