From 0560e75e4f03e4637637de8512a4718fe7870df8 Mon Sep 17 00:00:00 2001
From: Nick Kralevich
Date: Sun, 8 Mar 2015 23:02:59 -0700
Subject: system_server: allow handling app generated unix_stream_sockets
Allow system server to handle already open app unix_stream_sockets. This is needed to support system_server receiving a socket created using socketpair(AF_UNIX, SOCK_STREAM) and socketpair(AF_UNIX, SOCK_SEQPACKET). Needed for future Android functionality. Addresses the following denial:
type=1400 audit(0.0:9): avc: denied { read write } for path="socket:[14911]" dev="sockfs" ino=14911 scontext=u:r:system_server:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=unix_stream_socket permissive=0
Bug: 19648474
Change-Id: I4644e318aa74ada4d98b7f49a41d13a9b9584f39
---
 system_server.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'system_server.te')
diff --git a/system_server.te b/system_server.te
index 41036b6..5378766 100644
--- a/system_server.te
+++ b/system_server.te
@@ -313,7 +313,7 @@ allow system_server gps_control:file rw_file_perms;
 # Allow system_server to use app-created sockets and pipes.
 allow system_server appdomain:{ tcp_socket udp_socket } { getattr getopt setopt read write shutdown };
-allow system_server appdomain:fifo_file { getattr read write };
+allow system_server appdomain:{ fifo_file unix_stream_socket } { getattr read write };
 # Allow abstract socket connection
 allow system_server rild:unix_stream_socket connectto;
-- 
cgit v1.2.3
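Review bot: The widened rule on the `+` line applies to every domain in `appdomain`, while the denial quoted in the commit message involves only `platform_app`. The system_server code that consumes these sockets therefore has to treat whatever arrives on them as untrusted input, presumably from any app. The permission set is `{ getattr read write }` without `getopt`, which, if I read the class permissions correctly, means system_server cannot query socket options such as peer credentials on a received socket. If the future consumer needs to identify the sender, that is better decided here than discovered as a later denial. I would extend the comment above the rules to record the intent, e.g. `# Covers only already-open fds handed over by apps (socketpair() SOCK_STREAM/SOCK_SEQPACKET); no create/connect/connectto is granted.`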