tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

netd: allow tcp_socket name_connect

Browse source 
The patch in 36a5d109e6 wasn't
sufficient to address DNS over TCP. We also need to allow
name_connect.

Fixes the following denial:

<5>[   82.120746] type=1400 audit(1830030.349:5): avc:  denied  { name_connect } for  pid=1457 comm="netd" dest=53 scontext=u:r:netd:s0 tcontext=u:object_r:port:s0 tclass=tcp_socket

Public Bug: https://code.google.com/p/android/issues/detail?id=62196
Bug: 11097631

(cherry picked from commit 91ebcf3332)

Change-Id: I62bba8777a5c8af1c0143e7ca2d915129ef38798
This commit is contained in:
Nick Kralevich 2013-11-13 11:32:13 -08:00
parent 59078a940d
commit 360d4120ec
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
netd.te
View file

@ -11,6 +11,7 @@ allow netd self:rawip_socket *;
allow netd self:{ tcp_socket udp_socket } *;
allow netd node:{ tcp_socket udp_socket } node_bind;
allow netd port:{ tcp_socket udp_socket } name_bind;
allow netd port:tcp_socket name_connect;
allow netd self:unix_stream_socket *;
allow netd shell_exec:file rx_file_perms;
allow netd system_file:file x_file_perms;