tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/clatd.te
Nick Kralevich 99940d1af5 remove /proc/net read access from domain.te 
SELinux domains wanting read access to /proc/net need to
explicitly declare it.

TODO: fixup the ListeningPortsTest cts test so that it's not
broken.

Bug: 9496886
Change-Id: Ia9f1214348ac4051542daa661d35950eb271b2e4
2015-01-14 22:18:24 +00:00

23 lines
869 B
Text
Raw Blame History

# 464xlat daemon
type clatd, domain;
type clatd_exec, exec_type, file_type;
net_domain(clatd)
# Access objects inherited from netd.
allow clatd netd:fd use;
allow clatd netd:fifo_file { read write };
# TODO: Check whether some or all of these sockets should be close-on-exec.
allow clatd netd:netlink_kobject_uevent_socket { read write };
allow clatd netd:netlink_nflog_socket { read write };
allow clatd netd:netlink_route_socket { read write };
allow clatd netd:udp_socket { read write };
allow clatd netd:unix_stream_socket { read write };
allow clatd netd:unix_dgram_socket { read write };
r_dir_file(clatd, proc_net)
allow clatd self:capability { net_admin net_raw setuid setgid };
allow clatd self:netlink_route_socket nlmsg_write;
allow clatd self:{ packet_socket rawip_socket tun_socket } create_socket_perms;
allow clatd tun_device:chr_file rw_file_perms;
Reference in a new issue View git blame Copy permalink