Update Common NetD SEPolicy to allow Netlink XFRM
In order to perform XFRM operations NetD needs the
ability to both read and write Netlink XFRM messages.
Bug: 34811756
Test: 34812052
Change-Id: I26831c58b24a4c1f344b113f0b5cf47ed2c93fee
(cherry picked from commit 7eb3dd3b02)
This commit is contained in:
Nathan Harold
parent
3ad5c9e767
commit
63a9315601
1 changed files with 3 additions and 0 deletions
|
|
@ -80,6 +80,9 @@ allow netd netdomain:{
|
|||
} { read write getattr setattr getopt setopt };
|
||||
allow netd netdomain:fd use;
|
||||
|
||||
# give netd permission to read and write netlink xfrm
|
||||
allow netd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write nlmsg_read };
|
||||
|
||||
###
|
||||
### Neverallow rules
|
||||
###
|
||||
|
|
|
|||
Loading…
Reference in a new issue