tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "[NC#1] netd: allow netd to setup packet socket for clatd" am: f128becfa4

Browse source 
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1903465

Change-Id: I8f248bfd4876ea0e55ed774f726cf818ee66972c
This commit is contained in:
Treehugger Robot 2021-12-10 04:54:56 +00:00 committed by Automerger Merge Worker
commit 14c5d92e83
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
private/netd.te
View file

@ -9,6 +9,9 @@ domain_auto_trans(netd, dnsmasq_exec, dnsmasq)
domain_auto_trans(netd, clatd_exec, clatd) domain_auto_trans(netd, clatd_exec, clatd)
allow netd clatd:process signal; allow netd clatd:process signal;
# Allow netd to setup packet socket and pass to clatd
allow netd self:packet_socket { bind create setopt };
# give netd permission to setup iptables rule with xt_bpf, attach program to cgroup, and read/write # give netd permission to setup iptables rule with xt_bpf, attach program to cgroup, and read/write
# the map created by bpfloader # the map created by bpfloader
allow netd bpfloader:bpf { prog_run map_read map_write }; allow netd bpfloader:bpf { prog_run map_read map_write };