From 7c11bdc414e10d0e570ff35394d209784a647105 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Wed, 11 Jun 2014 09:05:32 -0400
Subject: [PATCH] Allow dnsmasq to inherit/use netd UDP socket.

Addresses denials such as:
avc: denied { read write } for comm="dnsmasq" path="socket:[1054090]" dev="sockfs" ino=1054090 scontext=u:r:dnsmasq:s0 tcontext=u:r:netd:s0 tclass=udp_socket
This may not be needed (need to check netd to see if it should be closing
all of these sockets before exec'ing other programs), but should be harmless.

Change-Id: I77c7af5e050e039fd48322914eeabbcb8a716040
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 dnsmasq.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dnsmasq.te b/dnsmasq.te
index 8a2d2e6ee..d802a3557 100644
--- a/dnsmasq.te
+++ b/dnsmasq.te
@@ -21,3 +21,4 @@ allow dnsmasq netd:netlink_nflog_socket { read write };
 allow dnsmasq netd:netlink_route_socket { read write };
 allow dnsmasq netd:unix_stream_socket { read write };
 allow dnsmasq netd:unix_dgram_socket { read write };
+allow dnsmasq netd:udp_socket { read write };