Merge "system_server: add policy for getConnectionOwnerUid API"

2018-09-21 21:04:20 +00:00 · 2018-09-21 21:04:20 +00:00 · 7776cc3bc5
commit 7776cc3bc5
parent b4ef6e7333 d1b14ab732
1 changed files with 3 additions and 0 deletions
--- a/private/system_server.te
+++ b/private/system_server.te
@ -78,6 +78,9 @@ allow system_server self:global_capability2_class_set wake_alarm;
 # Create and share netlink_netfilter_sockets for tetheroffload.
 allow system_server self:netlink_netfilter_socket create_socket_perms_no_ioctl;

+# Create/use netlink_tcpdiag_socket for looking up connection UIDs for VPN apps.
+allow system_server self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read };
+
 # Use netlink uevent sockets.
 allow system_server self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;