am b32448c9: Merge "Allow clatd to read from packet sockets and write to raw sockets"
* commit 'b32448c90f982e9832ca87a6931dfc956da8b71b': Allow clatd to read from packet sockets and write to raw sockets
This commit is contained in:
Lorenzo Colitti
Android Git Automerger
commit
fb6351669d
1 changed files with 2 additions and 2 deletions
4
clatd.te
4
clatd.te
|
|
@ -15,12 +15,12 @@ allow clatd netd:udp_socket { read write };
|
||||||
allow clatd netd:unix_stream_socket { read write };
|
allow clatd netd:unix_stream_socket { read write };
|
||||||
allow clatd netd:unix_dgram_socket { read write };
|
allow clatd netd:unix_dgram_socket { read write };
|
||||||
|
|
||||||
allow clatd self:capability { net_admin setuid setgid };
|
allow clatd self:capability { net_admin net_raw setuid setgid };
|
||||||
|
|
||||||
# TODO: Run clatd in vpn group to avoid need for this on /dev/tun.
|
# TODO: Run clatd in vpn group to avoid need for this on /dev/tun.
|
||||||
allow clatd self:capability dac_override;
|
allow clatd self:capability dac_override;
|
||||||
|
|
||||||
allow clatd self:netlink_route_socket nlmsg_write;
|
allow clatd self:netlink_route_socket nlmsg_write;
|
||||||
allow clatd self:tun_socket create_socket_perms;
|
allow clatd self:{ packet_socket rawip_socket tun_socket } create_socket_perms;
|
||||||
allow clatd tun_device:chr_file rw_file_perms;
|
allow clatd tun_device:chr_file rw_file_perms;
|
||||||
allow clatd proc_net:file rw_file_perms;;
|
allow clatd proc_net:file rw_file_perms;;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue