selinux - remove clatd tun creation privs

No longer needed, since this is now done by netd.

In a separate commit so it can potentially not be backported to Q
if we so desire.

Test: build/installed on crosshatch with netd/clatd changes,
  and observed functioning ipv4 on ipv6 only network with no
  avc denials

Bug: 65674744
Bug: 131268436
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id927ee73469d3e90f5111bd5e31ed760a58c8ebe
Merged-In: Id927ee73469d3e90f5111bd5e31ed760a58c8ebe
(cherry picked from commit 3e41b297d2)
Maciej Żenczykowski 2019-04-08 21:32:05 -07:00 committed by Maciej Zenczykowski
parent dc4dc55784
commit 24dd16b650


@ -32,6 +32,5 @@ allow clatd self:global_capability_class_set { net_admin net_raw setuid setgid }
allow clatd self:global_capability_class_set ipc_lock;
allow clatd self:netlink_route_socket nlmsg_write;
allow clatd self:{ packet_socket rawip_socket tun_socket } create_socket_perms_no_ioctl;
allow clatd tun_device:chr_file rw_file_perms;
allowxperm clatd tun_device:chr_file ioctl { TUNGETIFF TUNSETIFF };
allow clatd self:{ packet_socket rawip_socket } create_socket_perms_no_ioctl;
allow clatd tun_device:chr_file rw_file_perms;
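Review bot: The rule `allow clatd tun_device:chr_file rw_file_perms;` stays in the policy even though the description says tun creation has moved to netd, and `rw_file_perms` still carries `open` and `ioctl`. If clatd now only reads and writes a descriptor handed over by netd, the rule could likely shrink to `allow clatd tun_device:chr_file { read write };`, adding `getattr` only if a denial shows it is needed. With the clatd-specific `allowxperm ... { TUNGETIFF TUNSETIFF }` gone, which ioctl commands stay reachable depends on whether another `allowxperm` for this source/target/class exists elsewhere in the policy, which is not visible on this page; dropping `ioctl` from the allow rule would settle that regardless. The "no avc denials" test shows that nothing still needed was removed, not that what remains is minimal.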