author | Nick Kralevich <nnk@google.com> | 2015-03-08 23:02:59 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2015-03-08 23:55:28 -0700 |
commit | 0560e75e4f03e4637637de8512a4718fe7870df8 (patch) | |
tree | fe15d420d714987fe4a6b0794ad326c4ef02fa80 /system_server.te | |
parent | 0d0d5aa9cd48e3f3f8b115f7a6ffbdad5894ad2c (diff) | |
system_server: allow handling app generated unix_stream_sockets

Allow system server to handle already open app unix_stream_sockets.
This is needed to support system_server receiving a socket
created using socketpair(AF_UNIX, SOCK_STREAM) and
socketpair(AF_UNIX, SOCK_SEQPACKET). Needed for future Android
functionality.

Addresses the following denial:

type=1400 audit(0.0:9): avc: denied { read write } for path="socket:[14911]" dev="sockfs" ino=14911 scontext=u:r:system_server:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=unix_stream_socket permissive=0

Bug: 19648474
Change-Id: I4644e318aa74ada4d98b7f49a41d13a9b9584f39
Diffstat (limited to 'system_server.te')
-rw-r--r-- | system_server.te | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/system_server.te b/system_server.te index 41036b6..5378766 100644 --- a/system_server.te +++ b/system_server.te @@ -313,7 +313,7 @@ allow system_server gps_control:file rw_file_perms; # Allow system_server to use app-created sockets and pipes. allow system_server appdomain:{ tcp_socket udp_socket } { getattr getopt setopt read write shutdown }; -allow system_server appdomain:fifo_file { getattr read write }; +allow system_server appdomain:{ fifo_file unix_stream_socket } { getattr read write }; # Allow abstract socket connection allow system_server rild:unix_stream_socket connectto; |
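Review bot: On the changed `allow system_server appdomain:{ fifo_file unix_stream_socket }` line, the new class inherits the fifo_file permission set `{ getattr read write }`, while the tcp_socket/udp_socket rule directly above also grants `getopt setopt shutdown`. If system_server is expected to call getsockopt(), setsockopt() or shutdown() on a socket it receives from an app, those calls will still be denied. Either add the needed permissions in a separate socket rule or note in the comment that the narrower set is deliberate. Two smaller points: the quoted denial involves only `platform_app`, but the rule targets all of `appdomain`, which matches the existing fifo_file scope and is worth confirming as intended for this class. The comment "app-created sockets and pipes" could also say that the grant covers only descriptors that are already open (no `connectto` is added here), as the commit message states, so a later reader does not widen it by mistake.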