tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Move pf_key socket creation permission to netd"

Browse source
This commit is contained in:
Treehugger Robot 2019-04-12 22:35:52 +00:00 committed by Gerrit Code Review
commit 3cba24a81a
2 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
private/netd.te
View file

@ -12,6 +12,10 @@ domain_auto_trans(netd, clatd_exec, clatd)
# the map created by bpfloader
allow netd bpfloader:bpf { prog_run map_read map_write };
# in order to invoke side effect of close() on such a socket calling synchronize_rcu()
# TODO: Remove this permission when 4.9 kernel is deprecated.
allow netd self:key_socket create;
get_prop(netd, bpf_progs_loaded_prop)
# Allow netd to write to statsd.

4
private/system_server.te
View file

@ -879,10 +879,6 @@ with_asan(`
allow system_server fs_bpf:dir search;
allow system_server fs_bpf:file { read write };
allow system_server bpfloader:bpf { map_read map_write };
# in order to invoke side effect of close() on such a socket calling synchronize_rcu()
# TODO: Remove this permission when 4.9 kernel is deprecated.
allow system_server self:key_socket create;
# ART Profiles.
# Allow system_server to open profile snapshots for read.