From c5f8e959d3ade58d91d2e695db61145da278b3a6 Mon Sep 17 00:00:00 2001
From: Yakun Xu
Date: Thu, 9 May 2024 17:05:04 +0800
Subject: [PATCH] Thread: allow ot-rcp to bind a specific netif

This commit adds necessary permissions for ot-rcp to bind to a network interface specified by its address or name.
Test: presubmit
Bug: 329188649
Change-Id: I6731df79c04eeeb2c39017b99b9c2acf315256e2
---
 vendor/ot_rcp.te | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/vendor/ot_rcp.te b/vendor/ot_rcp.te
index b1f57a78f..f63037046 100644
--- a/vendor/ot_rcp.te
+++ b/vendor/ot_rcp.te
@@ -8,10 +8,12 @@ type ot_rcp_exec, exec_type, vendor_file_type, file_type;
 userdebug_or_eng(`
 domain_auto_trans(hal_threadnetwork_default, ot_rcp_exec, ot_rcp)
 allow hal_threadnetwork_default devpts:chr_file {open read write ioctl};
+allow hal_threadnetwork_default ot_rcp:process signal;
 allow ot_rcp hal_threadnetwork_default:fd use;
 allow ot_rcp hal_threadnetwork_default:fifo_file rw_file_perms;
 allow ot_rcp devpts:chr_file {read write ioctl};
-allow ot_rcp self:udp_socket create_socket_perms_no_ioctl;
+allow ot_rcp self:udp_socket { bind create ioctl read setopt write };
 allow ot_rcp node:udp_socket node_bind;
 allow ot_rcp port:udp_socket name_bind;
+allow ot_rcp self:netlink_route_socket { nlmsg_read nlmsg_readpriv create read write };
 ')
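Review bot: The rewritten `udp_socket` rule grants `ioctl`, which the replaced `create_socket_perms_no_ioctl` macro withheld by name, and the new `netlink_route_socket` rule includes `nlmsg_readpriv`, the privileged read class that is separate from `nlmsg_read`; neither is obviously required by the stated goal of binding to an interface by address or name. Unless an extended-permission rule elsewhere in the policy already filters it, the ioctl grant should be limited to the commands the interface lookup actually issues, e.g. `allowxperm ot_rcp self:udp_socket ioctl { <ioctl names needed for the netif lookup> };`, and `nlmsg_readpriv` should be dropped if `nlmsg_read` alone passes presubmit. The added `allow hal_threadnetwork_default ot_rcp:process signal;` is not mentioned in the description either; a one-line comment above each new rule naming the call that needs it would make later audits easier. All of these rules sit inside the `userdebug_or_eng(...)` block visible in the hunk, so they apply to debug builds only, but the file's first seven lines are outside the hunk and were not reviewed.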