Permit dumpstate to run "ip xfrm policy".staging/cm-14.1-cafrebase

Test: not yet Bug: 30869013 Change-Id: I6af275c70e38a11cec5f0580cd3b4330bd56c00a (cherry picked from commit e333e2f92af282f43802522b87ed478834539002)
author: Erik Kline <ek@google.com> 2016-09-28 20:18:53 +0900
committer: Zhao Wei Liew <zhaoweiliew@lineageos.org> 2017-02-09 14:02:52 +0000
commit: 73cda8389ffb2924015737bca3bd484cd83505c8 (patch)
tree: c1365e303db288d1478dc50705d190fc1137b03e
parent: 01bfbd8d0ca9496264d140ab2028572549534fe7 (diff)
download: android_system_sepolicy-staging/cm-14.1-cafrebase.tar.gz
android_system_sepolicy-staging/cm-14.1-cafrebase.tar.bz2
android_system_sepolicy-staging/cm-14.1-cafrebase.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/dumpstate.te b/dumpstate.te
index 115bb094..246a7481 100644
--- a/dumpstate.te
+++ b/dumpstate.te
@@ -140,6 +140,9 @@ allow dumpstate net_data_file:file r_file_perms;
 # List sockets via ss.
 allow dumpstate self:netlink_tcpdiag_socket { create_socket_perms nlmsg_read };
 
+# Permit output of IPSec transform state.
+allow dumpstate self:netlink_xfrm_socket { create_socket_perms nlmsg_read };
+
 # Access /data/tombstones.
 allow dumpstate tombstone_data_file:dir r_dir_perms;
 allow dumpstate tombstone_data_file:file r_file_perms;
author	Erik Kline <ek@google.com>	2016-09-28 20:18:53 +0900
committer	Zhao Wei Liew <zhaoweiliew@lineageos.org>	2017-02-09 14:02:52 +0000
commit	73cda8389ffb2924015737bca3bd484cd83505c8 (patch)
tree	c1365e303db288d1478dc50705d190fc1137b03e
parent	01bfbd8d0ca9496264d140ab2028572549534fe7 (diff)
download	android_system_sepolicy-staging/cm-14.1-cafrebase.tar.gz android_system_sepolicy-staging/cm-14.1-cafrebase.tar.bz2 android_system_sepolicy-staging/cm-14.1-cafrebase.zip