diff options
author | Nick Kralevich <nnk@google.com> | 2013-11-13 11:32:13 -0800 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2013-11-13 11:32:13 -0800 |
commit | 91ebcf33326418ed9603e618ad193550646c3b04 (patch) | |
tree | 63430d440c945b4314a436c0f9b8a635635e783c /netd.te | |
parent | 36a5d109e6953c63d2a865eab4c4d021aa52250b (diff) | |
download | android_external_sepolicy-91ebcf33326418ed9603e618ad193550646c3b04.tar.gz android_external_sepolicy-91ebcf33326418ed9603e618ad193550646c3b04.tar.bz2 android_external_sepolicy-91ebcf33326418ed9603e618ad193550646c3b04.zip |
netd: allow tcp_socket name_connect
The patch in 36a5d109e6953c63d2a865eab4c4d021aa52250b wasn't
sufficient to address DNS over TCP. We also need to allow
name_connect.
Fixes the following denial:
<5>[ 82.120746] type=1400 audit(1830030.349:5): avc: denied { name_connect } for pid=1457 comm="netd" dest=53 scontext=u:r:netd:s0 tcontext=u:object_r:port:s0 tclass=tcp_socket
Public Bug: https://code.google.com/p/android/issues/detail?id=62196
Bug: 11097631
Change-Id: I688d6923b78782e2183a9d69b7e74f95d6e3f893
Diffstat (limited to 'netd.te')
-rw-r--r-- | netd.te | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -11,6 +11,7 @@ allow netd self:rawip_socket *; allow netd self:{ tcp_socket udp_socket } *; allow netd node:{ tcp_socket udp_socket } node_bind; allow netd port:{ tcp_socket udp_socket } name_bind; +allow netd port:tcp_socket name_connect; allow netd self:unix_stream_socket *; allow netd shell_exec:file rx_file_perms; allow netd system_file:file x_file_perms; |