remove /proc/net read access from domain.te

SELinux domains wanting read access to /proc/net need to explicitly declare it. TODO: fixup the ListeningPortsTest cts test so that it's not broken. Bug: 9496886 Change-Id: Ia9f1214348ac4051542daa661d35950eb271b2e4
author: Nick Kralevich <nnk@google.com> 2015-01-14 14:12:14 -0800
committer: Nick Kralevich <nnk@google.com> 2015-01-14 22:18:24 +0000
commit: 99940d1af5719f1622fa2a17f8daf6cb21de3ad1 (patch)
tree: 2a9c86455c64d0e8452cb3379ddb4f43aca4ee12 /system_server.te
parent: 4a89cdfa89448c8660308a31bfcb517fffaa239e (diff)
download: android_external_sepolicy-99940d1af5719f1622fa2a17f8daf6cb21de3ad1.tar.gz
android_external_sepolicy-99940d1af5719f1622fa2a17f8daf6cb21de3ad1.tar.bz2
android_external_sepolicy-99940d1af5719f1622fa2a17f8daf6cb21de3ad1.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/system_server.te b/system_server.te
index 6199eb7..45c4936 100644
--- a/system_server.te
+++ b/system_server.te
@@ -91,6 +91,7 @@ allow system_server appdomain:file write;
 # Read/Write to /proc/net/xt_qtaguid/ctrl and and /dev/xt_qtaguid.
 allow system_server qtaguid_proc:file rw_file_perms;
 allow system_server qtaguid_device:chr_file rw_file_perms;
+r_dir_file(system_server, proc_net)
 
 # Write to /proc/sysrq-trigger.
 allow system_server proc_sysrq:file rw_file_perms;
author	Nick Kralevich <nnk@google.com>	2015-01-14 14:12:14 -0800
committer	Nick Kralevich <nnk@google.com>	2015-01-14 22:18:24 +0000
commit	99940d1af5719f1622fa2a17f8daf6cb21de3ad1 (patch)
tree	2a9c86455c64d0e8452cb3379ddb4f43aca4ee12 /system_server.te
parent	4a89cdfa89448c8660308a31bfcb517fffaa239e (diff)
download	android_external_sepolicy-99940d1af5719f1622fa2a17f8daf6cb21de3ad1.tar.gz android_external_sepolicy-99940d1af5719f1622fa2a17f8daf6cb21de3ad1.tar.bz2 android_external_sepolicy-99940d1af5719f1622fa2a17f8daf6cb21de3ad1.zip