Diffstat (limited to 'system_server.te')
-rw-r--r-- | system_server.te | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/system_server.te b/system_server.te
index ca95abf..2d5c331 100644
--- a/system_server.te
+++ b/system_server.te
@@ -21,10 +21,6 @@ allow system_server zygote:fd use;
 allow system_server zygote:process sigchld;
 allow system_server zygote_tmpfs:file read;
-# Needed to close the zygote socket, which involves getopt / getattr
-# This should be deleted after b/12061011 is fixed
-allow system_server zygote:unix_stream_socket { getopt getattr };
-
 # system server gets network and bluetooth permissions.
 net_domain(system_server)
 bluetooth_domain(system_server)
@@ -54,7 +50,7 @@ dontaudit system_server self:capability sys_ptrace;
 allow system_server kernel:system module_request;
 # Use netlink uevent sockets.
-allow system_server self:netlink_kobject_uevent_socket *;
+allow system_server self:netlink_kobject_uevent_socket create_socket_perms;
 # Kill apps.
 allow system_server appdomain:process { sigkill signal };
@@ -75,10 +71,10 @@ allow system_server qtaguid_device:chr_file rw_file_perms;
 allow system_server debugfs:file r_file_perms;
 # WifiWatchdog uses a packet_socket
-allow system_server self:packet_socket *;
+allow system_server self:packet_socket create_socket_perms;
 # 3rd party VPN clients require a tun_socket to be created
-allow system_server self:tun_socket create;
+allow system_server self:tun_socket create_socket_perms;
 # Notify init of death.
 allow system_server init:process sigchld; |
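Review bot: The tun_socket rule in the last hunk is widened from `create` to `create_socket_perms`, while the other two rules this commit touches are narrowed from `*`. The comment above it still justifies only creating the socket. The macro's definition is not on this page, but if it expands as it usually does in this policy tree (create plus the read/write/ioctl/bind/connect/getopt/setopt family), system_server gains tun_socket permissions that nothing visible here explains. Either keep `allow system_server self:tun_socket create;` or extend the comment to name the denied operation that made the wider set necessary, so a later least-privilege pass can tell whether it is still needed.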