tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Allow fcntl F_SETLK on sockets.

Browse source 
Addresses denials such as:
type=1400 : avc: denied { lock } for comm="PushCheckSendS" path="socket:[1834573]" dev="sockfs" ino=X scontext=u:r:untrusted_app:s0 tcontext=u:r:untrusted_app:s0 tclass=tcp_socket

Change-Id: Idbf6120cca9df634e2f8a876fd1cd836551e5ad7
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Stephen Smalley 2014-12-11 11:45:51 -05:00
parent fc6214bf5d
commit 2c75918505
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
global_macros
View file

@ -41,7 +41,7 @@ define(`create_ipc_perms', `{ create setattr destroy rw_ipc_perms }')
#####################################
# Common socket permission sets.
define(`rw_socket_perms', `{ ioctl read getattr write setattr append bind connect getopt setopt shutdown }')
define(`rw_socket_perms', `{ ioctl read getattr write setattr lock append bind connect getopt setopt shutdown }')
define(`create_socket_perms', `{ create rw_socket_perms }')
define(`rw_stream_socket_perms', `{ rw_socket_perms listen accept }')
define(`create_stream_socket_perms', `{ create rw_stream_socket_perms }')