Diffstat (limited to 'system_server.te')
-rw-r--r--system_server.te10
1 files changed, 3 insertions, 7 deletions
diff --git a/system_server.te b/system_server.te
index ca95abf..2d5c331 100644
--- a/system_server.te
+++ b/system_server.te
@@ -21,10 +21,6 @@ allow system_server zygote:fd use;
allow system_server zygote:process sigchld;
allow system_server zygote_tmpfs:file read;
-# Needed to close the zygote socket, which involves getopt / getattr
-# This should be deleted after b/12061011 is fixed
-allow system_server zygote:unix_stream_socket { getopt getattr };
-
# system server gets network and bluetooth permissions.
net_domain(system_server)
bluetooth_domain(system_server)
@@ -54,7 +50,7 @@ dontaudit system_server self:capability sys_ptrace;
allow system_server kernel:system module_request;
# Use netlink uevent sockets.
-allow system_server self:netlink_kobject_uevent_socket *;
+allow system_server self:netlink_kobject_uevent_socket create_socket_perms;
# Kill apps.
allow system_server appdomain:process { sigkill signal };
@@ -75,10 +71,10 @@ allow system_server qtaguid_device:chr_file rw_file_perms;
allow system_server debugfs:file r_file_perms;
# WifiWatchdog uses a packet_socket
-allow system_server self:packet_socket *;
+allow system_server self:packet_socket create_socket_perms;
# 3rd party VPN clients require a tun_socket to be created
-allow system_server self:tun_socket create;
+allow system_server self:tun_socket create_socket_perms;
# Notify init of death.
allow system_server init:process sigchld;
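Review bot: The `tun_socket` rule in this hunk is widened rather than tightened: it goes from the single permission `create` to the whole `create_socket_perms` set, while the `packet_socket` rule just above it (and the `netlink_kobject_uevent_socket` rule in the previous hunk) are narrowed from `*`. The macro is defined outside this page, but it presumably adds read, write, ioctl, bind, connect and similar socket permissions on top of `create`. The existing comment only justifies creation ("require a tun_socket to be created"), so unless an audit denial shows that more is needed, I would keep `allow system_server self:tun_socket create;`. If the wider set is intentional, the comment should name the operation that requires it, e.g. `# 3rd party VPN clients require a tun_socket to be created and <operation> on it`, so the grant can be re-checked against least privilege later.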