Merge "Move pf_key socket creation permission to system_server" am: d3d214482f
am: 6093f3febf
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1964902 Change-Id: I828908e154e5a92b1876529e7a89b49ea05a548f
This commit is contained in:
commit
7eae1d2a5f
2 changed files with 3 additions and 0 deletions
|
@ -18,6 +18,7 @@ allow netd bpfloader:bpf { prog_run map_read map_write };
|
|||
|
||||
# in order to invoke side effect of close() on such a socket calling synchronize_rcu()
|
||||
# TODO: Remove this permission when 4.9 kernel is deprecated.
|
||||
# TODO: Remove this after we remove all bpf interactions from netd.
|
||||
allow netd self:key_socket create;
|
||||
|
||||
set_prop(netd, ctl_mdnsd_prop)
|
||||
|
|
|
@ -1116,6 +1116,8 @@ with_asan(`
|
|||
allow system_server fs_bpf:dir search;
|
||||
allow system_server fs_bpf:file { read write };
|
||||
allow system_server bpfloader:bpf { map_read map_write prog_run };
|
||||
# in order to invoke side effect of close() on such a socket calling synchronize_rcu()
|
||||
allow system_server self:key_socket create;
|
||||
|
||||
# ART Profiles.
|
||||
# Allow system_server to open profile snapshots for read.
|
||||
|
|
Loading…
Reference in a new issue